Fix reload credentials not working when modified

[munendrasn]

Ensure defaultSupplier is used instead of fixedSupplier in case of defaultProfileFile.

I have updated the some places where defaultProfileFile was used along with fixedProfileSupplier with defaultSupplier

Motivation and Context

Fixes #4268

Modifications

Testing

Screenshots (if appropriate)

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)

Checklist

• I have read the CONTRIBUTING document
• Local run of mvn install succeeds
• My code follows the code style of this project
• My change requires a change to the Javadoc documentation
• I have updated the Javadoc documentation accordingly
• I have added tests to cover my changes
• All new and existing tests passed
• I have added a changelog entry. Adding a new entry must be accomplished by running the scripts/new-change script and following the instructions. Commit the new file created by the script in .changes/next-release with your changes.
• My change is to implement 1.11 parity feature and I have updated LaunchChangelog

License

• I confirm that this pull request can be released under the Apache 2 license

[munendrasn]

@debora-ito @millems Please review, tagging you as changes includes to area that were updated by you recently. Please let me know if approach need to be modified

[munendrasn]

CI build failure seems to be unrelated to the PR, it is failing while setting the aws credentials. Please let me know if any setup or changes required

[munendrasn]

@anirudh9391 the CI build is failing in the setup.. please let me know if anything can be done to resolve it

[munendrasn]

Based on findings, the secrets apart from GITHUB_TOKEN is not available to PR from forked repository. actions/runner#3039

I don't have access to push the branch to this repository. @anirudh9391 would it be possible to pick these changes & create branch in this repo?

[anirudh9391]

Based on findings, the secrets apart from GITHUB_TOKEN is not available to PR from forked repository. actions/runner#3039

I don't have access to push the branch to this repository. @anirudh9391 would it be possible to pick these changes & create branch in this repo?

Yeah I can do that

[anirudh9391]

Can we provide a more meaningful comment here ? Like

"Configuring test with a Retry and backoff to ensure credential loading takes effect"

[L-Applin]

NIT: Could we also include a smal note about why we need to retry here? Something like "Waiting until file changes reach the SDK" or something like that?

[munendrasn]

@anirudh9391 @L-Applin sure, will update the note

[L-Applin]

Beside the small nit, I posted everything looks fine. I launched a run of the Codebuild jobs for the unit-tests and waiting for them to succeed

[L-Applin]

Actually, could you comment or remove these added logs? We can reactive them on demand in the future

[munendrasn]

Enabled the logs to debug the test failures, new test is intermittently failing in CI but succeeds in local setup
More context in this PR #5259

[L-Applin]

The new added test resolveCredentials_DefaultCredentialProviderWithReloadWhenModified fails on jdk8 11 and 17 consistently after exhausting all 4 retries:

16:51:31.970 [main] INFO  software.amazon.awssdk.auth.credentials.DefaultCredentialsProviderTest - Credential file with content [[default], aws_access_key_id = modifiedAccess, aws_secret_access_key = modifiedSecret] last modified at 2024-07-19T16:51:30.463244511Z
16:51:31.976 [main] WARN  software.amazon.awssdk.auth.credentials.DefaultCredentialsProviderTest - Assertion failed, Retrying count 1
16:51:33.476 [main] INFO  software.amazon.awssdk.auth.credentials.DefaultCredentialsProviderTest - Credential file with content [[default], aws_access_key_id = modifiedAccess, aws_secret_access_key = modifiedSecret] last modified at 2024-07-19T16:51:30.463244511Z
16:51:33.478 [main] WARN  software.amazon.awssdk.auth.credentials.DefaultCredentialsProviderTest - Assertion failed, Retrying count 2
16:51:34.978 [main] INFO  software.amazon.awssdk.auth.credentials.DefaultCredentialsProviderTest - Credential file with content [[default], aws_access_key_id = modifiedAccess, aws_secret_access_key = modifiedSecret] last modified at 2024-07-19T16:51:30.463244511Z
16:51:34.979 [main] WARN  software.amazon.awssdk.auth.credentials.DefaultCredentialsProviderTest - Assertion failed, Retrying count 3
16:51:36.479 [main] INFO  software.amazon.awssdk.auth.credentials.DefaultCredentialsProviderTest - Credential file with content [[default], aws_access_key_id = modifiedAccess, aws_secret_access_key = modifiedSecret] last modified at 2024-07-19T16:51:30.463244511Z
16:51:36.481 [main] WARN  software.amazon.awssdk.auth.credentials.DefaultCredentialsProviderTest - Assertion failed, Retrying count 4
16:51:37.981 [main] INFO  software.amazon.awssdk.auth.credentials.DefaultCredentialsProviderTest - Credential file with content [[default], aws_access_key_id = modifiedAccess, aws_secret_access_key = modifiedSecret] last modified at 2024-07-19T16:51:30.463244511Z

This would need to be resolved before we are able to merge this fix.

[munendrasn]

This would need to be resolved before we are able to merge this fix.

@L-Applin could you please share the link to CI build.. which would have additional logs to debug the issue further.. the ones from the PR seems to have failed because #5185 (comment)

[munendrasn]

@L-Applin @anirudh9391 would it be possible to share CI build or complete logs of the build with latest changes? The fork PR #5259 doesn't have latest changes

[L-Applin]

@L-Applin @anirudh9391 would it be possible to share CI build or complete logs of the build with latest changes? The fork PR #5259 doesn't have latest changes

Sure, I will rerun the tests and try to give you the logs today

[L-Applin]

Here is the relevant logs for the test failure:
log-events-viewer-result.txt

This test also fails locally for me, tested on java 17. Isn't it failing for you?

[munendrasn]

@L-Applin
Thanks for sharing the logs.

This test also fails locally for me, tested on java 17. Isn't it failing for you?

No, the tests are passing successfully in my local. I'm using Mac-Intel in my local..

From the logs,
initial log when the credentials were loaded

17:37:00.067 [main] WARN  software.amazon.awssdk.utils.cache.CachedSupplier - (ProfileFileSupplier()) Retrieved value expiration is in the past (2024-07-31T17:37:00.067393195Z). Using expiration of 2024-07-31T17:37:01.067758423Z

Log related to last time file got modified

17:37:01.574 [main] INFO  software.amazon.awssdk.auth.credentials.DefaultCredentialsProviderTest - Credential file with content [[default], aws_access_key_id = modifiedAccess, aws_secret_access_key = modifiedSecret] last modified at 2024-07-31T17:37:00.065874586Z

Please notice in the past (2024-07-31T17:37:00.067393195Z) and last modified at 2024-07-31T17:37:00.065874586Z. Based on the logs, the modified time seems to be in past.. although file was updated post the refresh.. AFAIK, Files.getLastModifiedTime considers the update time of file.. which is the case in local

To check whether ProfileFile need to be refreshed, same logic is used here

Files.getLastModifiedTime(credentialsFilePath2).toInstant();

New commit include additional logs for debugging, and sleep before file modification... if this doesn't work.. other option is explicitly override the lastModifiedTime

Something on these lines, please let me know if I should update this way.. In meantime, I trying to find more info on Files.getLastModifiedTime across platforms

        Path credentialsFilePath2 = generateTestCredentialsFile(parentDirectory,"modifiedAccess", "modifiedSecret");
        Instant lastModifiedTime = Files.getLastModifiedTime(credentialsFilePath2).toInstant();
        lastModifiedTime = lastModifiedTime.plus(5, ChronoUnit.MINUTES);
        Files.setLastModifiedTime(credentialsFilePath2, FileTime.from(lastModifiedTime));

[L-Applin]

No, the tests are passing successfully in my local. I'm using Mac-Intel in my local..

Huh, that interesting, I'm on mac-m1. I'm not sure what could cause this discrepancy either, i'll do some investigation on my end as well.

In the meantime, I'll re-run the unit tests Codebuild.

[sonarcloud]

Quality Gate passed

Issues
3 New issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[L-Applin]

please lower to debug log level, we tend to avoid info log level in the sdk

[munendrasn]

If the build is passing, Shall I remove this?
I added it only for debugging, There are few other logs which need to removed, or log level need to be changed

Also, instead of thread sleep.. in the tests should we cleanup and directly update the lastModifiedTime?

Path credentialsFilePath2 = generateTestCredentialsFile(parentDirectory,"modifiedAccess", "modifiedSecret");
        Instant lastModifiedTime = Files.getLastModifiedTime(credentialsFilePath2).toInstant();
        lastModifiedTime = lastModifiedTime.plus(5, ChronoUnit.MINUTES);
        Files.setLastModifiedTime(credentialsFilePath2, FileTime.from(lastModifiedTime));

[L-Applin]

I would avoid relying on platform dependant functionalities in unit tests. I'd keep the log, just at a debug level.

[munendrasn]

@L-Applin updated the logging, please review

[munendrasn]

@L-Applin Please let me know if any additional changes are required

[munendrasn]

@L-Applin The build error is due to same error mentioned here

[sonarcloud]

Quality Gate passed

Issues
3 New issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[munendrasn]

@L-Applin Build failure again due to secrets not being available to PR as I have the PR from the fork.. Please let me know if anything is required from my side

[munendrasn]

@L-Applin @anirudh9391 @debora-ito
could you please take a look? If we are not proceeding with this change, should we consider closing the PR?