fix(2457): add retry logic to EcsCredentialProvider

.changes/nextrelease/support-retries-ecs-credentials-provider.json

@@ -0,0 +1,7 @@
+[
+    {
+        "type": "feature",
+        "category": "EcsCredentialsProvider",
+        "description": "Add support for retries in the ECS credentials provider"
+    }
+]

CONTRIBUTING.md

@@ -8,9 +8,9 @@ your [issues][] or [pull requests][pull-requests] through GitHub.
 
 Jump To:
 
-* [Bug Reports](_#Bug-Reports_)
-* [Feature Requests](_#Feature-Requests_)
-* [Code Contributions](_#Code-Contributions_)
+* [Bug Reports](#Bug-Reports)
+* [Feature Requests](#Feature-Requests)
+* [Code Contributions](#Code-Contributions)
 
 ## How to contribute
 

src/Credentials/EcsCredentialProvider.php

@@ -2,8 +2,10 @@
 namespace Aws\Credentials;
 
 use Aws\Exception\CredentialsException;
+use GuzzleHttp\Exception\ConnectException;
 use GuzzleHttp\Exception\GuzzleException;
 use GuzzleHttp\Psr7\Request;
+use GuzzleHttp\Promise;
 use GuzzleHttp\Promise\PromiseInterface;
 use Psr\Http\Message\ResponseInterface;
 
@@ -21,29 +23,41 @@ class EcsCredentialProvider
     const ENV_TIMEOUT = 'AWS_METADATA_SERVICE_TIMEOUT';
     const EKS_SERVER_HOST_IPV4 = '169.254.170.23';
     const EKS_SERVER_HOST_IPV6 = 'fd00:ec2::23';
+    const ENV_RETRIES = 'AWS_METADATA_SERVICE_NUM_ATTEMPTS';
+
+    const DEFAULT_ENV_TIMEOUT = 1.0;
+    const DEFAULT_ENV_RETRIES = 3;
 
     /** @var callable */
     private $client;
 
     /** @var float|mixed */
     private $timeout;
 
+    /** @var int */
+    private $retries;
+
+    /** @var int */
+    private $attempts;
+
     /**
      *  The constructor accepts following options:
      *  - timeout: (optional) Connection timeout, in seconds, default 1.0
+     *  - retries: Optional number of retries to be attempted, default 3.
      *  - client: An EcsClient to make request from
      *
      * @param array $config Configuration options
      */
     public function __construct(array $config = [])
     {
-        $timeout = getenv(self::ENV_TIMEOUT);
+        $this->timeout = (float) isset($config['timeout'])
+            ? $config['timeout']
+            : (getenv(self::ENV_TIMEOUT) ?: self::DEFAULT_ENV_TIMEOUT);
+        $this->retries = (int) isset($config['retries'])
+            ? $config['retries']
+            : ((int) getenv(self::ENV_RETRIES) ?: self::DEFAULT_ENV_RETRIES);
+        $this->attempts = 0;
 
-        if (!$timeout) {
-            $timeout = $_SERVER[self::ENV_TIMEOUT] ?? ($config['timeout'] ?? 1.0);
-        }
-
-        $this->timeout = (float) $timeout;
         $this->client = $config['client'] ?? \Aws\default_http_handler();
     }
 
@@ -55,40 +69,68 @@ public function __construct(array $config = [])
      */
     public function __invoke()
     {
-        $client = $this->client;
-        $uri = self::getEcsUri();
+        $this->attempts = 0;
+
+        $uri = $this->getEcsUri();
 
         if ($this->isCompatibleUri($uri)) {
-            $request = new Request('GET', $uri);
-
-            $headers = $this->getHeadersForAuthToken();
-            return $client(
-                $request,
-                [
-                    'timeout' => $this->timeout,
-                    'proxy' => '',
-                    'headers' => $headers
-                ]
-            )->then(function (ResponseInterface $response) {
-                $result = $this->decodeResult((string) $response->getBody());
-                return new Credentials(
-                    $result['AccessKeyId'],
-                    $result['SecretAccessKey'],
-                    $result['Token'],
-                    strtotime($result['Expiration'])
-                );
-            })->otherwise(function ($reason) {
-                $reason = is_array($reason) ? $reason['exception'] : $reason;
-                $msg = $reason->getMessage();
-                throw new CredentialsException(
-                    "Error retrieving credentials from container metadata ($msg)"
-                );
+            return Promise\Coroutine::of(function () {
+                $client = $this->client;
+                $request = new Request('GET', $this->getEcsUri());
+
+                $headers = $this->getHeadersForAuthToken();
+
+                $credentials = null;
+
+                while ($credentials === null) {
+                    $credentials = (yield $client(
+                        $request,
+                        [
+                            'timeout' => $this->timeout,
+                            'proxy' => '',
+                            'headers' => $headers,
+                        ]
+                    )->then(function (ResponseInterface $response) {
+                        $result = $this->decodeResult((string)$response->getBody());
+                        return new Credentials(
+                            $result['AccessKeyId'],
+                            $result['SecretAccessKey'],
+                            $result['Token'],
+                            strtotime($result['Expiration'])
+                        );
+                    })->otherwise(function ($reason) {
+                        $reason = is_array($reason) ? $reason['exception'] : $reason;
+
+                        $isRetryable = $reason instanceof ConnectException;
+                        if ($isRetryable && ($this->attempts < $this->retries)) {
+                            sleep((int)pow(1.2, $this->attempts));
+                        } else {
+                            $msg = $reason->getMessage();
+                            throw new CredentialsException(
+                                sprintf('Error retrieving credentials from container metadata after attempt %d/%d (%s)', $this->attempts, $this->retries, $msg)
+                            );
+                        }
+                    }));
+                    $this->attempts++;
+                }
+
+                yield $credentials;
             });
         }
 
         throw new CredentialsException("Uri '{$uri}' contains an unsupported host.");
     }
 
+    /**
+     * Returns the number of attempts that have been done.
+     *
+     * @return int
+     */
+    public function getAttempts(): int
+    {
+        return $this->attempts;
+    }
+
     /**
      * Retrieves authorization token.
      *
@@ -158,7 +200,7 @@ private function getEcsUri()
             if (!empty($credFullUri))
                 return $credFullUri;
         }
-        
+
         return self::SERVER_URI . $credsUri;
     }