Skip to content

Commit 511b5af

Browse files
committed
Minor cleanups
1 parent f356108 commit 511b5af

7 files changed

Lines changed: 97 additions & 50 deletions

File tree

core/auth/src/main/java/software/amazon/awssdk/auth/credentials/AwsCredentialsProviderChain.java

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -133,17 +133,22 @@ public AwsCredentials resolveCredentials() {
133133

134134
@Override
135135
public CompletableFuture<Void> invalidate(AwsCredentialsIdentity identity) {
136+
List<CompletableFuture<Void>> futures = new ArrayList<>();
136137
for (IdentityProvider<? extends AwsCredentialsIdentity> provider : credentialsProviders) {
137138
try {
138139
@SuppressWarnings("unchecked")
139140
IdentityProvider<AwsCredentialsIdentity> typedProvider =
140141
(IdentityProvider<AwsCredentialsIdentity>) provider;
141-
typedProvider.invalidate(identity);
142+
CompletableFuture<Void> future = typedProvider.invalidate(identity);
143+
futures.add(future.exceptionally(e -> {
144+
log.debug(() -> "Failed to invalidate provider " + provider + ": " + e.getMessage(), e);
145+
return null;
146+
}));
142147
} catch (Exception e) {
143148
log.debug(() -> "Failed to invalidate provider " + provider + ": " + e.getMessage(), e);
144149
}
145150
}
146-
return CompletableFuture.completedFuture(null);
151+
return CompletableFuture.allOf(futures.toArray(new CompletableFuture[0]));
147152
}
148153

149154
@Override

core/auth/src/main/java/software/amazon/awssdk/auth/credentials/ContainerCredentialsProvider.java

Lines changed: 3 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -38,6 +38,7 @@
3838
import java.util.function.Predicate;
3939
import software.amazon.awssdk.annotations.SdkPublicApi;
4040
import software.amazon.awssdk.auth.credentials.internal.ContainerCredentialsRetryPolicy;
41+
import software.amazon.awssdk.auth.credentials.internal.CredentialsInvalidationUtils;
4142
import software.amazon.awssdk.auth.credentials.internal.HttpCredentialsLoader;
4243
import software.amazon.awssdk.auth.credentials.internal.HttpCredentialsLoader.LoadedCredentials;
4344
import software.amazon.awssdk.core.SdkSystemSetting;
@@ -190,16 +191,8 @@ public AwsCredentials resolveCredentials() {
190191

191192
@Override
192193
public CompletableFuture<Void> invalidate(AwsCredentialsIdentity identity) {
193-
if (identity instanceof AwsCredentialsIdentity) {
194-
String rejectedAccessKeyId = identity.accessKeyId();
195-
credentialsCache.invalidate(cachedCreds -> {
196-
if (cachedCreds instanceof AwsCredentialsIdentity) {
197-
return rejectedAccessKeyId.equals(((AwsCredentialsIdentity) cachedCreds).accessKeyId());
198-
}
199-
return false;
200-
});
201-
}
202-
return CompletableFuture.completedFuture(null);
194+
return CredentialsInvalidationUtils.invalidateCredentialsCache(
195+
identity, credentialsCache, cachedCreds -> (AwsCredentialsIdentity) cachedCreds);
203196
}
204197

205198
@Override

core/auth/src/main/java/software/amazon/awssdk/auth/credentials/InstanceProfileCredentialsProvider.java

Lines changed: 3 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -30,6 +30,7 @@
3030
import java.util.function.Supplier;
3131
import software.amazon.awssdk.annotations.SdkPublicApi;
3232
import software.amazon.awssdk.annotations.SdkTestInternalApi;
33+
import software.amazon.awssdk.auth.credentials.internal.CredentialsInvalidationUtils;
3334
import software.amazon.awssdk.auth.credentials.internal.Ec2MetadataConfigProvider;
3435
import software.amazon.awssdk.auth.credentials.internal.HttpCredentialsLoader;
3536
import software.amazon.awssdk.auth.credentials.internal.HttpCredentialsLoader.LoadedCredentials;
@@ -171,16 +172,8 @@ public AwsCredentials resolveCredentials() {
171172

172173
@Override
173174
public CompletableFuture<Void> invalidate(AwsCredentialsIdentity identity) {
174-
if (identity instanceof AwsCredentialsIdentity) {
175-
String rejectedAccessKeyId = identity.accessKeyId();
176-
credentialsCache.invalidate(cachedCreds -> {
177-
if (cachedCreds instanceof AwsCredentialsIdentity) {
178-
return rejectedAccessKeyId.equals(((AwsCredentialsIdentity) cachedCreds).accessKeyId());
179-
}
180-
return false;
181-
});
182-
}
183-
return CompletableFuture.completedFuture(null);
175+
return CredentialsInvalidationUtils.invalidateCredentialsCache(
176+
identity, credentialsCache, cachedCreds -> (AwsCredentialsIdentity) cachedCreds);
184177
}
185178

186179
private RefreshResult<AwsCredentials> refreshCredentials() {

core/auth/src/main/java/software/amazon/awssdk/auth/credentials/ProcessCredentialsProvider.java

Lines changed: 3 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -27,6 +27,7 @@
2727
import java.util.Optional;
2828
import java.util.concurrent.CompletableFuture;
2929
import software.amazon.awssdk.annotations.SdkPublicApi;
30+
import software.amazon.awssdk.auth.credentials.internal.CredentialsInvalidationUtils;
3031
import software.amazon.awssdk.core.useragent.BusinessMetricFeatureId;
3132
import software.amazon.awssdk.identity.spi.AwsCredentialsIdentity;
3233
import software.amazon.awssdk.protocols.jsoncore.JsonNode;
@@ -170,16 +171,8 @@ public AwsCredentials resolveCredentials() {
170171

171172
@Override
172173
public CompletableFuture<Void> invalidate(AwsCredentialsIdentity identity) {
173-
if (identity instanceof AwsCredentialsIdentity) {
174-
String rejectedAccessKeyId = identity.accessKeyId();
175-
processCredentialCache.invalidate(cachedCreds -> {
176-
if (cachedCreds instanceof AwsCredentialsIdentity) {
177-
return rejectedAccessKeyId.equals(((AwsCredentialsIdentity) cachedCreds).accessKeyId());
178-
}
179-
return false;
180-
});
181-
}
182-
return CompletableFuture.completedFuture(null);
174+
return CredentialsInvalidationUtils.invalidateCredentialsCache(
175+
identity, processCredentialCache, cachedCreds -> (AwsCredentialsIdentity) cachedCreds);
183176
}
184177

185178
private RefreshResult<AwsCredentials> refreshCredentials() {
Lines changed: 75 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,75 @@
1+
/*
2+
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
3+
*
4+
* Licensed under the Apache License, Version 2.0 (the "License").
5+
* You may not use this file except in compliance with the License.
6+
* A copy of the License is located at
7+
*
8+
* http://aws.amazon.com/apache2.0
9+
*
10+
* or in the "license" file accompanying this file. This file is distributed
11+
* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
12+
* express or implied. See the License for the specific language governing
13+
* permissions and limitations under the License.
14+
*/
15+
16+
package software.amazon.awssdk.auth.credentials.internal;
17+
18+
import java.util.concurrent.CompletableFuture;
19+
import java.util.function.Function;
20+
import software.amazon.awssdk.annotations.SdkProtectedApi;
21+
import software.amazon.awssdk.identity.spi.AwsCredentialsIdentity;
22+
import software.amazon.awssdk.utils.CompletableFutureUtils;
23+
import software.amazon.awssdk.utils.cache.CachedSupplier;
24+
25+
/**
26+
* Utility methods for credential provider invalidation logic.
27+
*
28+
* <p>This class provides shared implementations for the common pattern of comparing a rejected
29+
* identity's access key ID against a cached credential and conditionally invalidating the cache.</p>
30+
*/
31+
@SdkProtectedApi
32+
public final class CredentialsInvalidationUtils {
33+
34+
private CredentialsInvalidationUtils() {
35+
}
36+
37+
/**
38+
* Invalidates the given cache if the rejected identity's access key ID matches the cached credential's access key ID.
39+
*
40+
* <p>This method encapsulates the common pattern used by caching credential providers:
41+
* <ol>
42+
* <li>Extract the rejected access key ID from the identity</li>
43+
* <li>Compare it against the currently cached credentials</li>
44+
* <li>If they match, mark the cache for mandatory refresh</li>
45+
* </ol>
46+
*
47+
* @param identity The identity that was rejected by the service.
48+
* @param cache The cached supplier to invalidate.
49+
* @param credentialsExtractor A function that extracts the {@link AwsCredentialsIdentity} from the cached value type.
50+
* For providers that cache {@code AwsCredentials} directly, use {@code Function.identity()}.
51+
* For providers that cache a holder object, provide the appropriate extraction function.
52+
* @param <T> The type of value stored in the cache.
53+
* @return A {@link CompletableFuture} that completes when the invalidation check is done, or completes exceptionally
54+
* if an error occurs during the invalidation.
55+
*/
56+
public static <T> CompletableFuture<Void> invalidateCredentialsCache(
57+
AwsCredentialsIdentity identity,
58+
CachedSupplier<T> cache,
59+
Function<T, AwsCredentialsIdentity> credentialsExtractor) {
60+
61+
try {
62+
String rejectedAccessKeyId = identity.accessKeyId();
63+
cache.invalidate(cachedValue -> {
64+
AwsCredentialsIdentity cachedIdentity = credentialsExtractor.apply(cachedValue);
65+
if (cachedIdentity == null) {
66+
return false;
67+
}
68+
return rejectedAccessKeyId.equals(cachedIdentity.accessKeyId());
69+
});
70+
return CompletableFuture.completedFuture(null);
71+
} catch (Exception e) {
72+
return CompletableFutureUtils.failedFuture(e);
73+
}
74+
}
75+
}

services/sso/src/main/java/software/amazon/awssdk/services/sso/auth/SsoCredentialsProvider.java

Lines changed: 3 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -28,6 +28,7 @@
2828
import software.amazon.awssdk.auth.credentials.AwsCredentials;
2929
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
3030
import software.amazon.awssdk.auth.credentials.AwsSessionCredentials;
31+
import software.amazon.awssdk.auth.credentials.internal.CredentialsInvalidationUtils;
3132
import software.amazon.awssdk.core.useragent.BusinessMetricFeatureId;
3233
import software.amazon.awssdk.identity.spi.AwsCredentialsIdentity;
3334
import software.amazon.awssdk.services.sso.SsoClient;
@@ -172,14 +173,8 @@ public AwsCredentials resolveCredentials() {
172173

173174
@Override
174175
public CompletableFuture<Void> invalidate(AwsCredentialsIdentity identity) {
175-
if (identity instanceof AwsCredentialsIdentity) {
176-
String rejectedAccessKeyId = identity.accessKeyId();
177-
credentialCache.invalidate(holder -> {
178-
AwsCredentialsIdentity cachedCreds = holder.sessionCredentials();
179-
return rejectedAccessKeyId.equals(cachedCreds.accessKeyId());
180-
});
181-
}
182-
return CompletableFuture.completedFuture(null);
176+
return CredentialsInvalidationUtils.invalidateCredentialsCache(
177+
identity, credentialCache, holder -> holder.sessionCredentials());
183178
}
184179

185180
@Override

services/sts/src/main/java/software/amazon/awssdk/services/sts/auth/StsCredentialsProvider.java

Lines changed: 3 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,7 @@
2626
import software.amazon.awssdk.auth.credentials.AwsCredentials;
2727
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
2828
import software.amazon.awssdk.auth.credentials.AwsSessionCredentials;
29+
import software.amazon.awssdk.auth.credentials.internal.CredentialsInvalidationUtils;
2930
import software.amazon.awssdk.identity.spi.AwsCredentialsIdentity;
3031
import software.amazon.awssdk.services.sts.StsClient;
3132
import software.amazon.awssdk.utils.Logger;
@@ -127,16 +128,8 @@ public void close() {
127128

128129
@Override
129130
public CompletableFuture<Void> invalidate(AwsCredentialsIdentity identity) {
130-
if (identity instanceof AwsCredentialsIdentity) {
131-
String rejectedAccessKeyId = identity.accessKeyId();
132-
sessionCache.invalidate(cachedCreds -> {
133-
if (cachedCreds instanceof AwsCredentialsIdentity) {
134-
return rejectedAccessKeyId.equals(((AwsCredentialsIdentity) cachedCreds).accessKeyId());
135-
}
136-
return false;
137-
});
138-
}
139-
return CompletableFuture.completedFuture(null);
131+
return CredentialsInvalidationUtils.invalidateCredentialsCache(
132+
identity, sessionCache, cachedCreds -> (AwsCredentialsIdentity) cachedCreds);
140133
}
141134

142135
/**

0 commit comments

Comments
 (0)