Merge branch 'main' into update-ubuntu

yitingb · web-flow · commit b7feca4a7825 · 2025-04-07T10:53:02.000-07:00
diff --git a/src/integrationtests/java/com/aws/greengrass/integrationtests/e2e/tes/TESTest.java b/src/integrationtests/java/com/aws/greengrass/integrationtests/e2e/tes/TESTest.java
@@ -20,7 +20,9 @@
 import com.aws.greengrass.logging.api.Logger;
 import com.aws.greengrass.logging.impl.LogManager;
 import com.aws.greengrass.tes.CredentialRequestHandler;
+import com.aws.greengrass.tes.HttpServerImpl;
 import com.aws.greengrass.tes.TokenExchangeService;
+import com.aws.greengrass.util.Coerce;
 import com.aws.greengrass.util.IamSdkClientFactory;
 import com.aws.greengrass.util.IotSdkClientFactory;
 import org.junit.jupiter.api.AfterAll;
@@ -43,16 +45,19 @@
 import java.nio.charset.StandardCharsets;
 import java.nio.file.Path;
 import java.util.Collections;
+import java.util.Objects;
 import java.util.UUID;
 import java.util.concurrent.CountDownLatch;
 import java.util.concurrent.TimeUnit;
+import java.util.concurrent.atomic.AtomicReference;
 
 import static com.aws.greengrass.componentmanager.KernelConfigResolver.CONFIGURATION_CONFIG_KEY;
+import static com.aws.greengrass.deployment.DeviceConfiguration.IOT_ROLE_ALIAS_TOPIC;
 import static com.aws.greengrass.easysetup.DeviceProvisioningHelper.ThingInfo;
 import static com.aws.greengrass.integrationtests.e2e.BaseE2ETestCase.E2ETEST_ENV_STAGE;
 import static com.aws.greengrass.lifecyclemanager.GreengrassService.SERVICES_NAMESPACE_TOPIC;
 import static com.aws.greengrass.lifecyclemanager.GreengrassService.SETENV_CONFIG_NAMESPACE;
-import static com.aws.greengrass.deployment.DeviceConfiguration.IOT_ROLE_ALIAS_TOPIC;
+import static com.aws.greengrass.tes.TokenExchangeService.PORT_TOPIC;
 import static com.aws.greengrass.tes.TokenExchangeService.TES_URI_ENV_VARIABLE_NAME;
 import static com.aws.greengrass.tes.TokenExchangeService.TOKEN_EXCHANGE_SERVICE_TOPICS;
 import static com.aws.greengrass.testcommons.testutilities.ExceptionLogProtector.ignoreExceptionUltimateCauseOfType;
@@ -131,6 +136,43 @@ static void tearDown() throws URISyntaxException {
         }
     }
 
+    @Test
+    void GIVEN_iot_role_alias_WHEN_port_changes_THEN_valid_credentials_are_returned_from_new_port() throws Exception {
+        // Get current port and calculate new port
+        int currentPort = Coerce.toInt(
+                kernel.getConfig().lookupTopics(SERVICES_NAMESPACE_TOPIC, TOKEN_EXCHANGE_SERVICE_TOPICS)
+                        .lookup(CONFIGURATION_CONFIG_KEY, PORT_TOPIC));
+        int newPort = currentPort + 1;
+        String expectedUri = String.format("http://localhost:%d%s", newPort, HttpServerImpl.URL);
+
+        // Setup server restart detection
+        CountDownLatch serverRestarted = new CountDownLatch(1);
+        AtomicReference<String> urlString = new AtomicReference<>();
+        kernel.getConfig().find(SETENV_CONFIG_NAMESPACE, TES_URI_ENV_VARIABLE_NAME).subscribe((why, newv) -> {
+            urlString.set(Coerce.toString(newv));
+            if (urlString.get().equals(expectedUri)) {
+                serverRestarted.countDown();
+            }
+        });
+
+        // Change port and wait for server restart
+        kernel.getConfig().lookupTopics(SERVICES_NAMESPACE_TOPIC, TOKEN_EXCHANGE_SERVICE_TOPICS)
+                .lookup(CONFIGURATION_CONFIG_KEY, PORT_TOPIC).withValue(newPort);
+        assertTrue(serverRestarted.await(5, TimeUnit.SECONDS), "Server did not restart within 5 seconds");
+        assertEquals(expectedUri, urlString.get(), "New URL does not match expected URI");
+
+        // Get authentication token and make request
+        String token = Objects.requireNonNull(kernel.getConfig()
+                        .findTopics(SERVICES_NAMESPACE_TOPIC, AuthenticationHandler.AUTHENTICATION_TOKEN_LOOKUP_KEY)).iterator()
+                .next().getName();
+
+        String response = getResponseString(new URL(urlString.get()), token);
+
+        // Verify response format
+        assertThat(response, matchesPattern(
+                "\\{\"AccessKeyId\":\".+\",\"SecretAccessKey\":\".+\",\"Expiration\":\".+\",\"Token\":\".+\"\\}"));
+    }
+
     @Test
     void GIVEN_iot_role_alias_WHEN_tes_is_queried_THEN_valid_credentials_are_returned(ExtensionContext context)
             throws Exception {
diff --git a/src/main/java/com/aws/greengrass/dependency/Context.java b/src/main/java/com/aws/greengrass/dependency/Context.java
@@ -121,7 +121,7 @@ private <T> Value<T> getValue(Class<T> clazz, Object tag) {
     }
 
     public <T> T newInstance(Class<T> cl) {
-        return new Value<>(cl, null).get();
+        return new Value<>(cl, null).getObjectWithoutInjection();
     }
 
     /**
@@ -434,6 +434,17 @@ public final T get() {
             return constructObjectWithInjection();
         }
 
+        /**
+         * Constructs an object without injection.
+         * @return object
+         */
+        public final T getObjectWithoutInjection() {
+            if (object != null && injectionCompleted) {
+                return object;
+            }
+            return constructObject();
+        }
+
 
         /**
          * Put a new object instance and inject fields with pre and post actions, if the new object is not equal to
@@ -462,7 +473,7 @@ final T putAndInjectFields(T newObject) {
         }
 
         @SuppressWarnings("PMD.AvoidCatchingThrowable")
-        private T constructObjectWithInjection() {
+        private T constructObject() {
             try (LockScope ls = LockScope.lock(lock)) {
                 if (object != null) {
                     return object;
@@ -483,17 +494,23 @@ private T constructObjectWithInjection() {
                     int paramCount = pickedConstructor.getParameterCount();
                     if (paramCount == 0) {
                         // no arg constructor
-                        return putAndInjectFields(pickedConstructor.newInstance());
+                        return pickedConstructor.newInstance();
                     }
 
                     Object[] args = getOrCreateArgInstances(clazz, pickedConstructor, paramCount);
-                    return putAndInjectFields(pickedConstructor.newInstance(args));
+                    return pickedConstructor.newInstance(args);
                 } catch (Throwable ex) {
                     throw new IllegalArgumentException("Can't create instance of " + targetClass.getName(), ex);
                 }
             }
         }
 
+        private T constructObjectWithInjection() {
+            try (LockScope ls = LockScope.lock(lock)) {
+                return putAndInjectFields(constructObject());
+            }
+        }
+
         private Object[] getOrCreateArgInstances(Class<T> clazz, Constructor<T> pickedConstructor, int argCount) {
             Object[] args = new Object[argCount];
             Class[] argTypes = pickedConstructor.getParameterTypes();
@@ -549,8 +566,9 @@ private Constructor<T> pickConstructor(Class<T> clazz) throws NoSuchMethodExcept
         }
 
         /**
-         * Computes and return T if object instance is null. TODO revisit to see if there is a better way because the
-         * mapping function usage is weird.
+         * Computes and returns T if object instance is null. The mapping function used for the instance creation should
+         * not inject the created object into the context as it will anyway be injected as part of this method.
+         * TODO revisit to see if there is a better way because the mapping function usage is weird.
          *
          * @param mappingFunction maps from Value to T
          * @param <E>             CheckedException
@@ -563,7 +581,6 @@ public final <E extends Exception> T computeObjectIfEmpty(
                 if (object != null) {
                     return object;
                 }
-
                 return putAndInjectFields(mappingFunction.apply(this));
             }
         }
diff --git a/src/main/java/com/aws/greengrass/lifecyclemanager/Kernel.java b/src/main/java/com/aws/greengrass/lifecyclemanager/Kernel.java
@@ -444,7 +444,7 @@ public Topics findServiceTopic(String serviceName) {
      */
     public GreengrassService locate(String name) throws ServiceLoadException {
         return context.getValue(GreengrassService.class, name).computeObjectIfEmpty(v ->
-                locateGreengrassService(v, name, this::locate));
+                createGreengrassServiceInstance(v, name, this::locate));
     }
 
     /**
@@ -456,7 +456,7 @@ public GreengrassService locate(String name) throws ServiceLoadException {
     public GreengrassService locateIgnoreError(String name) {
         return context.getValue(GreengrassService.class, name).computeObjectIfEmpty(v -> {
             try {
-                return locateGreengrassService(v, name, this::locateIgnoreError);
+                return createGreengrassServiceInstance(v, name, this::locateIgnoreError);
             } catch (ServiceLoadException e) {
                 logger.atError().log("Cannot load service", e);
                 return new UnloadableService(
@@ -481,7 +481,7 @@ private void executeBootstrapTasksAndShutdown(BootstrapManager bootstrapManager,
 
     @SuppressWarnings(
             {"UseSpecificCatch", "PMD.AvoidCatchingThrowable", "PMD.AvoidDeeplyNestedIfStmts", "PMD.ConfusingTernary"})
-    private GreengrassService locateGreengrassService(Context.Value v, String name, CrashableFunction<String,
+    private GreengrassService createGreengrassServiceInstance(Context.Value v, String name, CrashableFunction<String,
             GreengrassService, ServiceLoadException> locateFunction) throws ServiceLoadException {
         Topics serviceRootTopics = findServiceTopic(name);
 
diff --git a/src/main/java/com/aws/greengrass/tes/TokenExchangeService.java b/src/main/java/com/aws/greengrass/tes/TokenExchangeService.java
@@ -19,7 +19,7 @@
 import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
 
 import java.io.IOException;
-import java.util.Arrays;
+import java.util.Collections;
 import java.util.HashSet;
 import javax.inject.Inject;
 
@@ -56,10 +56,19 @@ public TokenExchangeService(Topics topics,
                                 CredentialRequestHandler credentialRequestHandler,
                                 AuthorizationHandler authZHandler, DeviceConfiguration deviceConfiguration) {
         super(topics);
-        // Port change should not be allowed
-        topics.lookup(CONFIGURATION_CONFIG_KEY, PORT_TOPIC).dflt(DEFAULT_PORT)
-                .subscribe((why, newv) -> port = Coerce.toInt(newv));
-
+        port = Coerce.toInt(config.lookup(CONFIGURATION_CONFIG_KEY, PORT_TOPIC).dflt(DEFAULT_PORT));
+        config.subscribe((why, node) -> {
+            if (node != null && node.childOf(PORT_TOPIC)) {
+                logger.atDebug("tes-config-change").kv("node", node).kv("why", why).log();
+                port = Coerce.toInt(node);
+                Topic activePortTopic = config.lookup(CONFIGURATION_CONFIG_KEY, ACTIVE_PORT_TOPIC);
+                if (port != Coerce.toInt(activePortTopic)) {
+                    logger.atInfo("tes-config-change").kv(PORT_TOPIC, port).kv("node", node).kv("why", why)
+                            .log("Restarting TES server due to port config change");
+                    requestRestart();
+                }
+            }
+        });
         deviceConfiguration.getIotRoleAlias().subscribe((why, newv) -> {
             iotRoleAlias = Coerce.toString(newv);
         });
@@ -72,7 +81,8 @@ public TokenExchangeService(Topics topics,
     public void postInject() {
         super.postInject();
         try {
-            authZHandler.registerComponent(this.getName(), new HashSet<>(Arrays.asList(AUTHZ_TES_OPERATION)));
+            authZHandler.registerComponent(this.getName(),
+                    new HashSet<>(Collections.singletonList(AUTHZ_TES_OPERATION)));
         } catch (AuthorizationException e) {
             serviceErrored(e);
         }
diff --git a/src/main/java/com/aws/greengrass/util/platforms/unix/UnixExec.java b/src/main/java/com/aws/greengrass/util/platforms/unix/UnixExec.java
@@ -123,20 +123,21 @@ public void close() throws IOException {
                 for (PidProcess pp : pidProcesses) {
                     pp.waitFor(gracefulShutdownTimeout.getSeconds(), TimeUnit.SECONDS);
                 }
-                if (pidProcesses.stream().anyMatch(pidProcess -> {
+                boolean isAnyProcessAlive = pidProcesses.stream().anyMatch(pidProcess -> {
                     try {
                         return pidProcess.isAlive();
                     } catch (IOException ignored) {
                     } catch (InterruptedException e) {
                         Thread.currentThread().interrupt();
                     }
                     return false;
-                })) {
+                });
+                if (isAnyProcessAlive) {
                     logger.atWarn()
                             .log("Command {} did not respond to interruption within timeout. Going to kill it now",
                                     this);
+                    platformInstance.killProcessAndChildren(p, true, pids, userDecorator);
                 }
-                platformInstance.killProcessAndChildren(p, true, pids, userDecorator);
                 if (!p.waitFor(5, TimeUnit.SECONDS) && !isClosed.get()) {
                     throw new IOException("Could not stop " + this);
                 }
diff --git a/src/main/java/com/aws/greengrass/util/platforms/unix/UnixPlatform.java b/src/main/java/com/aws/greengrass/util/platforms/unix/UnixPlatform.java
@@ -275,13 +275,13 @@ public UnixUserAttributes lookupCurrentUser() throws IOException {
     public Set<Integer> killProcessAndChildren(Process process, boolean force, Set<Integer> additionalPids,
                                                UserDecorator decorator)
             throws IOException, InterruptedException {
-        PidProcess pp = Processes.newPidProcess(process);
+        PidProcess parentPidProcess = Processes.newPidProcess(process);
 
-        logger.atInfo().log("Killing child processes of pid {}, force is {}", pp.getPid(), force);
+        logger.atInfo().log("Killing child processes of pid {}, force is {}", parentPidProcess.getPid(), force);
         Set<Integer> pids;
         try {
             pids = getChildPids(process);
-            logger.atDebug().log("Found children of {}. {}", pp.getPid(), pids);
+            logger.atDebug().log("Found children of {}. {}", parentPidProcess.getPid(), pids);
             if (additionalPids != null) {
                 pids.addAll(additionalPids);
             }
@@ -293,6 +293,9 @@ public Set<Integer> killProcessAndChildren(Process process, boolean force, Set<I
 
                 killProcess(force, decorator, pid);
             }
+
+            logger.atInfo().log("Killing parent process {}, force is {}", parentPidProcess.getPid(), force);
+            killProcess(force, decorator, parentPidProcess.getPid());
         } finally {
             // calling process.destroy() here when force==false will cause the child process (component process) to be
             // terminated immediately. This prevents the component process from shutting down gracefully.
@@ -301,11 +304,13 @@ public Set<Integer> killProcessAndChildren(Process process, boolean force, Set<I
                 if (process.isAlive()) {
                     // Kill parent process using privileged user since the parent process might be sudo which a
                     // non-privileged user can't kill
-                    killProcess(true, getUserDecorator().withUser(getPrivilegedUser()), pp.getPid());
+                    killProcess(true, getUserDecorator().withUser(getPrivilegedUser()), parentPidProcess.getPid());
                 }
             }
         }
 
+        // add parent pid so caller can validate if every process is properly terminated
+        pids.add(parentPidProcess.getPid());
         return pids;
     }
 
diff --git a/src/test/java/com/aws/greengrass/tes/TokenExchangeServiceTest.java b/src/test/java/com/aws/greengrass/tes/TokenExchangeServiceTest.java
@@ -8,6 +8,7 @@
 import com.amazon.aws.iot.greengrass.component.common.ComponentType;
 import com.aws.greengrass.authorization.AuthorizationHandler;
 import com.aws.greengrass.authorization.exceptions.AuthorizationException;
+import com.aws.greengrass.config.ChildChanged;
 import com.aws.greengrass.config.Configuration;
 import com.aws.greengrass.config.Subscriber;
 import com.aws.greengrass.config.Topic;
@@ -131,14 +132,7 @@ void cleanup() throws Exception {
     @ParameterizedTest
     @ValueSource(ints = {0, 3000})
     void GIVEN_token_exchange_service_WHEN_started_THEN_correct_env_set(int port) throws Exception {
-        Topic portTopic = mock(Topic.class);
-        when(portTopic.dflt(anyInt())).thenReturn(portTopic);
-        when(portTopic.subscribe(any())).thenAnswer((a) -> {
-            ((Subscriber) a.getArgument(0)).published(WhatHappened.initialized, portTopic);
-            return null;
-        });
-        when(portTopic.getOnce()).thenReturn(port);
-
+        Topic portTopic = Topic.of(new Context(), PORT_TOPIC, port);
         Topic roleTopic = mock(Topic.class);
         when(roleTopic.subscribe(any())).thenAnswer((a) -> {
             ((Subscriber) a.getArgument(0)).published(WhatHappened.initialized, roleTopic);
@@ -157,6 +151,11 @@ void GIVEN_token_exchange_service_WHEN_started_THEN_correct_env_set(int port) th
         when(configuration.lookup(SERVICES_NAMESPACE_TOPIC, DEFAULT_NUCLEUS_COMPONENT_NAME, CONFIGURATION_CONFIG_KEY,
                 IOT_ROLE_ALIAS_TOPIC)).thenReturn(roleTopic);
 
+        when(config.subscribe(any())).thenAnswer((a) -> {
+            ((ChildChanged) a.getArgument(0)).childChanged(WhatHappened.initialized, portTopic);
+            return null;
+        });
+
         TokenExchangeService tes = new TokenExchangeService(config,
                 mockCredentialHandler,
                 mockAuthZHandler, deviceConfigurationWithRoleAlias(MOCK_ROLE_ALIAS));
@@ -180,7 +179,6 @@ void GIVEN_token_exchange_service_WHEN_started_THEN_correct_env_set(int port) th
         verify(mockAuthZHandler).registerComponent(stringArgumentCaptor.capture(), operationsCaptor.capture());
         assertEquals(TOKEN_EXCHANGE_SERVICE_TOPICS, stringArgumentCaptor.getValue());
         assertTrue(operationsCaptor.getValue().contains(TokenExchangeService.AUTHZ_TES_OPERATION));
-
     }
 
     @ParameterizedTest
@@ -202,13 +200,7 @@ void GIVEN_token_exchange_service_WHEN_started_with_empty_role_alias_THEN_server
         // set mock for port topic
         Topic portTopic = mock(Topic.class);
         when(portTopic.dflt(anyInt())).thenReturn(portTopic);
-        when(portTopic.subscribe(any())).thenAnswer((a) -> {
-            ((Subscriber) a.getArgument(0)).published(WhatHappened.initialized, portTopic);
-            return null;
-        });
-        when(portTopic.getOnce()).thenReturn(8080);
-
-
+        
         when(config.lookup(CONFIGURATION_CONFIG_KEY, PORT_TOPIC)).thenReturn(portTopic);
         when(configuration.lookup(SERVICES_NAMESPACE_TOPIC, DEFAULT_NUCLEUS_COMPONENT_NAME, CONFIGURATION_CONFIG_KEY,
                 IOT_ROLE_ALIAS_TOPIC)).thenReturn(roleTopic);
@@ -240,11 +232,6 @@ void GIVEN_token_exchange_service_WHEN_auth_errors_THEN_server_errors_out(Extens
         // set mock for port topic
         Topic portTopic = mock(Topic.class);
         when(portTopic.dflt(anyInt())).thenReturn(portTopic);
-        when(portTopic.subscribe(any())).thenAnswer((a) -> {
-            ((Subscriber) a.getArgument(0)).published(WhatHappened.initialized, portTopic);
-            return null;
-        });
-        when(portTopic.getOnce()).thenReturn(8080);
         when(config.lookup(CONFIGURATION_CONFIG_KEY, PORT_TOPIC)).thenReturn(portTopic);
         when(configuration.lookup(SERVICES_NAMESPACE_TOPIC, DEFAULT_NUCLEUS_COMPONENT_NAME, CONFIGURATION_CONFIG_KEY,
                 IOT_ROLE_ALIAS_TOPIC)).thenReturn(roleTopic);

Original file line number	Diff line number	Diff line change
`@@ -121,7 +121,7 @@ private <T> Value<T> getValue(Class<T> clazz, Object tag) {`
`121`	`121`	`}`
`122`	`122`
`123`	`123`	`public <T> T newInstance(Class<T> cl) {`
`124`		`- return new Value<>(cl, null).get();`
	`124`	`+ return new Value<>(cl, null).getObjectWithoutInjection();`
`125`	`125`	`}`
`126`	`126`
`127`	`127`	`/**`
`@@ -434,6 +434,17 @@ public final T get() {`
`434`	`434`	`return constructObjectWithInjection();`
`435`	`435`	`}`
`436`	`436`
	`437`	`+ /**`
	`438`	`+ * Constructs an object without injection.`
	`439`	`+ * @return object`
	`440`	`+ */`
	`441`	`+ public final T getObjectWithoutInjection() {`
	`442`	`+ if (object != null && injectionCompleted) {`
	`443`	`+ return object;`
	`444`	`+ }`
	`445`	`+ return constructObject();`
	`446`	`+ }`
	`447`	`+`
`437`	`448`
`438`	`449`	`/**`
`439`	`450`	`* Put a new object instance and inject fields with pre and post actions, if the new object is not equal to`
`@@ -462,7 +473,7 @@ final T putAndInjectFields(T newObject) {`
`462`	`473`	`}`
`463`	`474`
`464`	`475`	`@SuppressWarnings("PMD.AvoidCatchingThrowable")`
`465`		`- private T constructObjectWithInjection() {`
	`476`	`+ private T constructObject() {`
`466`	`477`	`try (LockScope ls = LockScope.lock(lock)) {`
`467`	`478`	`if (object != null) {`
`468`	`479`	`return object;`
`@@ -483,17 +494,23 @@ private T constructObjectWithInjection() {`
`483`	`494`	`int paramCount = pickedConstructor.getParameterCount();`
`484`	`495`	`if (paramCount == 0) {`
`485`	`496`	`// no arg constructor`
`486`		`- return putAndInjectFields(pickedConstructor.newInstance());`
	`497`	`+ return pickedConstructor.newInstance();`
`487`	`498`	`}`
`488`	`499`
`489`	`500`	`Object[] args = getOrCreateArgInstances(clazz, pickedConstructor, paramCount);`
`490`		`- return putAndInjectFields(pickedConstructor.newInstance(args));`
	`501`	`+ return pickedConstructor.newInstance(args);`
`491`	`502`	`} catch (Throwable ex) {`
`492`	`503`	`throw new IllegalArgumentException("Can't create instance of " + targetClass.getName(), ex);`
`493`	`504`	`}`
`494`	`505`	`}`
`495`	`506`	`}`
`496`	`507`
	`508`	`+ private T constructObjectWithInjection() {`
	`509`	`+ try (LockScope ls = LockScope.lock(lock)) {`
	`510`	`+ return putAndInjectFields(constructObject());`
	`511`	`+ }`
	`512`	`+ }`
	`513`	`+`
`497`	`514`	`private Object[] getOrCreateArgInstances(Class<T> clazz, Constructor<T> pickedConstructor, int argCount) {`
`498`	`515`	`Object[] args = new Object[argCount];`
`499`	`516`	`Class[] argTypes = pickedConstructor.getParameterTypes();`
`@@ -549,8 +566,9 @@ private Constructor<T> pickConstructor(Class<T> clazz) throws NoSuchMethodExcept`
`549`	`566`	`}`
`550`	`567`
`551`	`568`	`/**`
`552`		`- * Computes and return T if object instance is null. TODO revisit to see if there is a better way because the`
`553`		`- * mapping function usage is weird.`
	`569`	`+ * Computes and returns T if object instance is null. The mapping function used for the instance creation should`
	`570`	`+ * not inject the created object into the context as it will anyway be injected as part of this method.`
	`571`	`+ * TODO revisit to see if there is a better way because the mapping function usage is weird.`
`554`	`572`	`*`
`555`	`573`	`* @param mappingFunction maps from Value to T`
`556`	`574`	`* @param <E> CheckedException`
`@@ -563,7 +581,6 @@ public final <E extends Exception> T computeObjectIfEmpty(`
`563`	`581`	`if (object != null) {`
`564`	`582`	`return object;`
`565`	`583`	`}`
`566`		`-`
`567`	`584`	`return putAndInjectFields(mappingFunction.apply(this));`
`568`	`585`	`}`
`569`	`586`	`}`