From 153fdffa03fb96c2dd55a440a8a22368081d3ea6 Mon Sep 17 00:00:00 2001
From: Theodore Tsirpanis
Date: Wed, 18 Sep 2024 00:12:11 +0300
Subject: [PATCH] Address PR feedback and clean-up.

---
 .../source/auth/SSOCredentialsProvider.cpp | 28 ++++++++-----------
 .../SSOBearerTokenProvider.cpp | 26 +++++------------
 2 files changed, 19 insertions(+), 35 deletions(-)

diff --git a/src/aws-cpp-sdk-core/source/auth/SSOCredentialsProvider.cpp b/src/aws-cpp-sdk-core/source/auth/SSOCredentialsProvider.cpp
index 68c20ff87af..052083e64bd 100644
--- a/src/aws-cpp-sdk-core/source/auth/SSOCredentialsProvider.cpp
+++ b/src/aws-cpp-sdk-core/source/auth/SSOCredentialsProvider.cpp
@@ -36,12 +36,21 @@ SSOCredentialsProvider::SSOCredentialsProvider(const Aws::String& profile) : SSO
 {
 }
 
-SSOCredentialsProvider::SSOCredentialsProvider(const Aws::String& profile, const std::shared_ptr config) :
+SSOCredentialsProvider::SSOCredentialsProvider(const Aws::String& profile, std::shared_ptr config) :
 m_profileToUse(profile),
 m_bearerTokenProvider(profile),
- m_config(config)
+ m_config(std::move(config))
 {
 AWS_LOGSTREAM_INFO(SSO_CREDENTIALS_PROVIDER_LOG_TAG, "Setting sso credentials provider to read config from " << m_profileToUse);
+ if (!m_config)
+ {
+ auto defaultConfig = Aws::MakeShared(SSO_CREDENTIALS_PROVIDER_LOG_TAG);
+ defaultConfig->scheme = Aws::Http::Scheme::HTTPS;
+ // We cannot set region to m_ssoRegion because it is not yet known at this point. But it's not obtained from the client config either way.
+ Aws::Vector retryableErrors{ "TooManyRequestsException" };
+ defaultConfig->retryStrategy = Aws::MakeShared(SSO_CREDENTIALS_PROVIDER_LOG_TAG, std::move(retryableErrors), 3/*maxRetries*/);
+ m_config = std::move(defaultConfig);
+ }
 }
 
 AWSCredentials SSOCredentialsProvider::GetAWSCredentials()
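Review bot: A caller-supplied `config` is stored unchanged and gets neither the HTTPS `scheme` nor the `TooManyRequestsException` retry strategy that the `if (!m_config)` fallback installs, and nothing on the constructor says so. Because this configuration is later passed to the client that sends the SSO access token, its TLS and proxy fields (for example `verifySSL` and `proxyHost`) presumably apply to that request; how the client uses them is outside this diff. I would state the contract on the constructor, e.g. `// config: optional. When null, a default HTTPS config with TooManyRequestsException retries is used; a supplied config is used as-is, including its TLS verification, proxy and retry settings.` Whether a supplied config should also get the throttling retry strategy is worth deciding explicitly rather than leaving implicit.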
@@ -85,20 +94,7 @@ void SSOCredentialsProvider::Reload()
 request.m_ssoRoleName = profile.GetSsoRoleName();
 request.m_accessToken = accessToken;
 
- Aws::Client::ClientConfiguration defaultConfig;
- if (!m_config)
- {
- defaultConfig.scheme = Aws::Http::Scheme::HTTPS;
- defaultConfig.region = m_ssoRegion;
- AWS_LOGSTREAM_DEBUG(SSO_CREDENTIALS_PROVIDER_LOG_TAG, "Passing config to client for region: " << m_ssoRegion);
-
- Aws::Vector retryableErrors;
- retryableErrors.push_back("TooManyRequestsException");
-
- defaultConfig.retryStrategy = Aws::MakeShared(SSO_CREDENTIALS_PROVIDER_LOG_TAG, retryableErrors, 3/*maxRetries*/);
- }
- const Aws::Client::ClientConfiguration& config = m_config ? *m_config : defaultConfig;
- m_client = Aws::MakeUnique(SSO_CREDENTIALS_PROVIDER_LOG_TAG, config, Aws::Http::Scheme::HTTPS, m_ssoRegion);
+ m_client = Aws::MakeUnique(SSO_CREDENTIALS_PROVIDER_LOG_TAG, *m_config, Aws::Http::Scheme::HTTPS, m_ssoRegion);
 
 AWS_LOGSTREAM_TRACE(SSO_CREDENTIALS_PROVIDER_LOG_TAG, "Requesting credentials with AWS_ACCESS_KEY: " << m_ssoAccountId);
 auto result = m_client->GetSSOCredentials(request);
diff --git a/src/aws-cpp-sdk-core/source/auth/bearer-token-provider/SSOBearerTokenProvider.cpp b/src/aws-cpp-sdk-core/source/auth/bearer-token-provider/SSOBearerTokenProvider.cpp
index 0a628f28687..0050d3c92de 100644
--- a/src/aws-cpp-sdk-core/source/auth/bearer-token-provider/SSOBearerTokenProvider.cpp
+++ b/src/aws-cpp-sdk-core/source/auth/bearer-token-provider/SSOBearerTokenProvider.cpp
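Review bot: The new `*m_config` dereference in `Reload()` is unconditional, so it is only safe if every constructor leaves `m_config` non-null. This patch establishes that in the two-argument constructor; the other constructors are outside the diff (the one named in the first hunk's header appears to delegate, but its target is cut off). I would make the invariant explicit just before the client is created, for example `if (!m_config) { AWS_LOGSTREAM_ERROR(SSO_CREDENTIALS_PROVIDER_LOG_TAG, "SSO client configuration is not set"); return; }`, or at least `assert(m_config);`. The removed block also logged the region handed to the client at DEBUG level; if that line helped when diagnosing SSO failures it could be kept next to the `MakeUnique` call. Reload() starts and ends outside the hunk.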
@@ -27,24 +27,18 @@ static const char SSO_GRANT_TYPE[] = "refresh_token";
 const size_t SSOBearerTokenProvider::REFRESH_WINDOW_BEFORE_EXPIRATION_S = 600;
 const size_t SSOBearerTokenProvider::REFRESH_ATTEMPT_INTERVAL_S = 30;
 
-SSOBearerTokenProvider::SSOBearerTokenProvider()
- : m_profileToUse(Aws::Auth::GetConfigProfileName()),
- m_lastUpdateAttempt((int64_t) 0)
+SSOBearerTokenProvider::SSOBearerTokenProvider() : SSOBearerTokenProvider(Aws::Auth::GetConfigProfileName(), nullptr)
 {
- AWS_LOGSTREAM_INFO(SSO_BEARER_TOKEN_PROVIDER_LOG_TAG, "Setting sso bearerToken provider to read config from " << m_profileToUse);
 }
 
-SSOBearerTokenProvider::SSOBearerTokenProvider(const Aws::String& awsProfile)
- : m_profileToUse(awsProfile),
- m_lastUpdateAttempt((int64_t) 0)
+SSOBearerTokenProvider::SSOBearerTokenProvider(const Aws::String& awsProfile) : SSOBearerTokenProvider(awsProfile, nullptr)
 {
- AWS_LOGSTREAM_INFO(SSO_BEARER_TOKEN_PROVIDER_LOG_TAG, "Setting sso bearerToken provider to read config from " << m_profileToUse);
 }
 
 SSOBearerTokenProvider::SSOBearerTokenProvider(const Aws::String& awsProfile, std::shared_ptr config)
 : m_profileToUse(awsProfile),
- m_lastUpdateAttempt((int64_t)0),
- m_config(config)
+ m_config(config ? std::move(config) : Aws::MakeShared(SSO_BEARER_TOKEN_PROVIDER_LOG_TAG)),
+ m_lastUpdateAttempt((int64_t)0)
 {
 AWS_LOGSTREAM_INFO(SSO_BEARER_TOKEN_PROVIDER_LOG_TAG, "Setting sso bearerToken provider to read config from " << m_profileToUse);
 }
@@ -105,16 +99,10 @@ void SSOBearerTokenProvider::RefreshFromSso()
 /* The SSO token provider must not resolve if any SSO configuration values are present directly on the profile
 * instead of an `sso-session` section. The SSO token provider must ignore these configuration values if these
 * values are present directly on the profile instead of an `sso-session` section. */
- // config.region = m_profile.GetSsoRegion(); // <- intentionally not used per comment above
+ // auto& region = m_profile.GetSsoRegion(); // <- intentionally not used per comment above
 auto& region = cachedSsoToken.region;
- Aws::Client::ClientConfiguration defaultConfig;
- if (!m_config)
- {
- defaultConfig.scheme = scheme;
- defaultConfig.region = region;
- }
- const Aws::Client::ClientConfiguration& config = m_config ? *m_config : defaultConfig;
- m_client = Aws::MakeUnique(SSO_BEARER_TOKEN_PROVIDER_LOG_TAG, config, scheme, cachedSsoToken.region);
+ // m_config->region might not be the same as the SSO region, but the former is not used by the SSO client.
+ m_client = Aws::MakeUnique(SSO_BEARER_TOKEN_PROVIDER_LOG_TAG, *m_config, scheme, region);
 }
 
 Aws::Internal::SSOCredentialsClient::SSOCreateTokenRequest ssoCreateTokenRequest;
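Review bot: With the local `defaultConfig` removed, the fallback configuration no longer has `scheme` or `region` set (it is default-constructed in the three-argument constructor's initializer list in the previous hunk). The token refresh therefore depends on the client taking both values from the explicit `scheme` and `region` arguments, yet the new comment asserts this only for region and the client's code is outside this diff. After confirming it against the client constructor, I would extend the comment to cover both, e.g. `// Neither m_config->scheme nor m_config->region selects the SSO endpoint; the explicit scheme and region arguments below do.` The rewritten `// auto& region = m_profile.GetSsoRegion();` line is still commented-out code and would read better as a prose sentence saying the profile's SSO region is deliberately ignored. RefreshFromSso() starts and ends outside the hunk, and `scheme` is defined outside it.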