Add NoCredentialsCache that offers no caching ability
#2720
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This commit updates `SsoCredentialsProvider`, `AssumeRoleProvider`, and `WebIdentityTokenCredentialsProvider` to use `NoCredentialsCache` for an internal STS client to fetch credentials. They used `LazyCredentialsCache` internally for STS, which caused double-caching when they were wrapped in an outer `LazyCredentialsCache` when a service client was created.
|
A new generated diff is ready to view.
A new doc preview is ready to view. |
|
A new generated diff is ready to view.
A new doc preview is ready to view. |
|
did not closely review PR–I think I prefer something like |
Yeah, naming is hard. I unnecessarily tried sticking to UPDATE: |
|
A new generated diff is ready to view.
A new doc preview is ready to view. |
hlbarber
pushed a commit
that referenced
this pull request
Jun 20, 2023
Related to awslabs/aws-sdk-rust#809 It has been discovered that when `AssumeRoleProvider` is used, the Rust SDK emits `credentials cache miss occurred` twice per request. The reason why that log is shown twice is illustrated in the following diagram:  One of the cache miss messages is due to the fact `AssumeRoleProvider` internally uses an STS client, which, in turn, is wrapped by a `LazyCredentialsCache` by default. However, that use of `LazyCredentialsCache` is pointless because caching is already in effect with the outermost `LazyCredentialsCache`. This PR adds a new kind of `CredentialsCache`, `NoCredentialsCache`. As its name suggests, it simplify delegates `provide_cached_credentials` to the underlying provider's `provide_credentials` with no caching functionality. We then update `SsoCredentialsProvider`, `AssumeRoleProvider`, and `WebIdentityTokenCredentialsProvider` to use `NoCredentialsCache` for their STS clients so the logs won't show `credentials cache miss occurred` twice per request. - Added unit tests for `NoCredentialsCache` - Updated unit test for `AssumeRoleProvider` to verify `NoCredentialsCache` is used by default - [x] I have updated `CHANGELOG.next.toml` if I made changes to the AWS SDK, generated SDK code, or SDK runtime crates ---- _By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice._ --------- Co-authored-by: Yuki Saito <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation and Context
Related to awslabs/aws-sdk-rust#809
Description
It has been discovered that when
AssumeRoleProvideris used, the Rust SDK emitscredentials cache miss occurredtwice per request. The reason why that log is shown twice is illustrated in the following diagram:One of the cache miss messages is due to the fact
AssumeRoleProviderinternally uses an STS client, which, in turn, is wrapped by aLazyCredentialsCacheby default. However, that use ofLazyCredentialsCacheis pointless because caching is already in effect with the outermostLazyCredentialsCache.This PR adds a new kind of
CredentialsCache,NoCredentialsCache. As its name suggests, it simplify delegatesprovide_cached_credentialsto the underlying provider'sprovide_credentialswith no caching functionality. We then updateSsoCredentialsProvider,AssumeRoleProvider, andWebIdentityTokenCredentialsProviderto useNoCredentialsCachefor their STS clients so the logs won't showcredentials cache miss occurredtwice per request.Testing
NoCredentialsCacheAssumeRoleProviderto verifyNoCredentialsCacheis used by defaultChecklist
CHANGELOG.next.tomlif I made changes to the AWS SDK, generated SDK code, or SDK runtime cratesBy submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.