fix: retry upto 3 times when InvalidIdentityTokenException happens #115

Merged
merged 2 commits into from
Aug 29, 2022
31 changes: 31 additions & 0 deletions scripts/aws/aws_helper.py
@@ -1,5 +1,7 @@
import json
from dataclasses import dataclass
from os import environ
from time import sleep
from typing import Any, Dict, List, NamedTuple, Optional
from urllib.parse import urlparse

@@ -79,6 +81,35 @@ def get_session(prefix: str) -> boto3.Session:
return current_session


@dataclass
class AwsFrozenCredentials:
"""
work around as I couldn't find the type for get_frozen_credentials()
"""

access_key: str
secret_key: str
token: str


def get_session_credentials(prefix: str, retry_count: int = 3) -> AwsFrozenCredentials:
"""
Attempt to get credentials for a prefix, retrying upto retry_count amount of times
"""
last_error: Exception = Exception(f"Invalid retry count: {retry_count}")
for retry in range(1, retry_count + 1):
try:
# Get credentials may give differing access_key and secret_key
credentials: AwsFrozenCredentials = get_session(prefix).get_frozen_credentials()
return credentials
except client_sts.meta.client.exceptions.InvalidIdentityTokenException as e:
get_log().warn("bucket_load_retry", retry_count=retry)
sleep(0.5 * retry)
last_error = e

raise last_error


def _get_credential_config(prefix: str) -> Optional[CredentialSource]:
get_log().debug("get_credentials_bucket_name", prefix=prefix)
if not bucket_roles:
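Review bot: In `get_session_credentials`, `get_frozen_credentials()` is called directly on the value returned by `get_session(prefix)`, which the hunk header annotates as `boto3.Session`; as far as I know that class exposes `get_credentials()` and the frozen snapshot lives on the credentials object it returns, so this line would likely fail with an `AttributeError` that the `except` clause does not catch. I would write `credentials = get_session(prefix).get_credentials().get_frozen_credentials()` and annotate it with botocore's `ReadOnlyCredentials` (whose `token` can be `None`) instead of the stand-in `AwsFrozenCredentials` dataclass, which is never instantiated. The loop also sleeps after the final failed attempt before re-raising, and the warning logs the attempt number under the key `retry_count` without the prefix or the error, which makes repeated STS token failures hard to trace; the secret key and session token must stay out of that log line. `get_session` and `client_sts` are defined outside the visible hunks.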
5 changes: 2 additions & 3 deletions scripts/gdal/gdal_helper.py
@@ -4,7 +4,7 @@

from linz_logger import get_log

from scripts.aws.aws_helper import get_session, is_s3
from scripts.aws.aws_helper import get_session_credentials, is_s3
from scripts.logging.time_helper import time_in_ms


@@ -60,8 +60,7 @@ def run_gdal(
if input_file:
if is_s3(input_file):
# Set the credentials for GDAL to be able to read the input file
session = get_session(input_file)
credentials = session.get_credentials()
credentials = get_session_credentials(input_file)
gdal_env["AWS_ACCESS_KEY_ID"] = credentials.access_key
gdal_env["AWS_SECRET_ACCESS_KEY"] = credentials.secret_key
gdal_env["AWS_SESSION_TOKEN"] = credentials.token