Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package aws-c-auth for openSUSE:Factory
checked in at 2025-01-23 18:05:46
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/aws-c-auth (Old)
and /work/SRC/openSUSE:Factory/.aws-c-auth.new.5589 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "aws-c-auth"
Thu Jan 23 18:05:46 2025 rev:14 rq:1239856 version:0.8.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/aws-c-auth/aws-c-auth.changes 2024-10-27
11:25:27.958879404 +0100
+++ /work/SRC/openSUSE:Factory/.aws-c-auth.new.5589/aws-c-auth.changes
2025-01-23 18:06:48.603597174 +0100
@@ -1,0 +2,9 @@
+Wed Jan 22 16:14:03 UTC 2025 - John Paul Adrian Glaubitz
<adrian.glaub...@suse.com>
+
+- Update to version 0.8.1
+ * chore: Modified bug issue template to add checkbox to report
+ potential regression. by @ashishdhingra in (#252)
+ * Switch CI to use roles by @DmitriyMusatkin in (#256)
+ * Fix Retries for ECSCredentialsProvider by @waahm7 in (#259)
+
+-------------------------------------------------------------------
Old:
----
v0.8.0.tar.gz
New:
----
v0.8.1.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ aws-c-auth.spec ++++++
--- /var/tmp/diff_new_pack.iyoyT7/_old 2025-01-23 18:06:49.327627084 +0100
+++ /var/tmp/diff_new_pack.iyoyT7/_new 2025-01-23 18:06:49.331627249 +0100
@@ -20,7 +20,7 @@
%define library_pkg 1_0_0
%define library_soversion 1
Name: aws-c-auth
-Version: 0.8.0
+Version: 0.8.1
Release: 0
Summary: AWS C99 library implementation of AWS client-side
authentication
License: Apache-2.0
++++++ v0.8.0.tar.gz -> v0.8.1.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/aws-c-auth-0.8.0/.github/ISSUE_TEMPLATE/bug-report.yml
new/aws-c-auth-0.8.1/.github/ISSUE_TEMPLATE/bug-report.yml
--- old/aws-c-auth-0.8.0/.github/ISSUE_TEMPLATE/bug-report.yml 2024-10-23
19:05:03.000000000 +0200
+++ new/aws-c-auth-0.8.1/.github/ISSUE_TEMPLATE/bug-report.yml 2025-01-22
00:40:21.000000000 +0100
@@ -12,6 +12,14 @@
description: What is the problem? A clear and concise description of the
bug.
validations:
required: true
+ - type: checkboxes
+ id: regression
+ attributes:
+ label: Regression Issue
+ description: What is a regression? If it worked in a previous version
but doesn't in the latest version, it's considered a regression. In this case,
please provide specific version number in the report.
+ options:
+ - label: Select this option if this issue appears to be a regression.
+ required: false
- type: textarea
id: expected
attributes:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/aws-c-auth-0.8.0/.github/workflows/ci.yml
new/aws-c-auth-0.8.1/.github/workflows/ci.yml
--- old/aws-c-auth-0.8.0/.github/workflows/ci.yml 2024-10-23
19:05:03.000000000 +0200
+++ new/aws-c-auth-0.8.1/.github/workflows/ci.yml 2025-01-22
00:40:21.000000000 +0100
@@ -6,19 +6,21 @@
- 'main'
env:
- BUILDER_VERSION: v0.9.64
+ BUILDER_VERSION: v0.9.72
BUILDER_SOURCE: releases
BUILDER_HOST: https://d19elf31gohf1l.cloudfront.net
PACKAGE_NAME: aws-c-auth
LINUX_BASE_IMAGE: ubuntu-18-x64
RUN: ${{ github.run_id }}-${{ github.run_number }}
- AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
- AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- AWS_REGION: us-east-1
+ CRT_CI_ROLE: ${{ secrets.CRT_CI_ROLE_ARN }}
+ AWS_DEFAULT_REGION: us-east-1
+
+permissions:
+ id-token: write # This is required for requesting the JWT
jobs:
linux-compat:
- runs-on: ubuntu-20.04 # latest
+ runs-on: ubuntu-24.04 # latest
strategy:
fail-fast: false
matrix:
@@ -32,14 +34,18 @@
- opensuse-leap
- rhel8-x64
steps:
- # We can't use the `uses: docker://image` version yet, GitHub lacks
authentication for actions -> packages
+ - uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ env.CRT_CI_ROLE }}
+ aws-region: ${{ env.AWS_DEFAULT_REGION }}
+ # We can't use the `uses: docker://image` version yet, GitHub lacks
authentication for actions -> packages
- name: Build ${{ env.PACKAGE_NAME }}
run: |
aws s3 cp s3://aws-crt-test-stuff/ci/${{ env.BUILDER_VERSION
}}/linux-container-ci.sh ./linux-container-ci.sh && chmod a+x
./linux-container-ci.sh
./linux-container-ci.sh ${{ env.BUILDER_VERSION }} aws-crt-${{
matrix.image }} build -p ${{ env.PACKAGE_NAME }}
linux-compiler-compat:
- runs-on: ubuntu-20.04 # latest
+ runs-on: ubuntu-24.04 # latest
strategy:
fail-fast: false
matrix:
@@ -50,30 +56,46 @@
- clang-9
- clang-10
- clang-11
+ - clang-15
+ - clang-17
- gcc-4.8
- gcc-5
- gcc-6
- gcc-7
- gcc-8
+ - gcc-11
+ - gcc-13
steps:
- # We can't use the `uses: docker://image` version yet, GitHub lacks
authentication for actions -> packages
- - name: Build ${{ env.PACKAGE_NAME }}
- run: |
- aws s3 cp s3://aws-crt-test-stuff/ci/${{ env.BUILDER_VERSION
}}/linux-container-ci.sh ./linux-container-ci.sh && chmod a+x
./linux-container-ci.sh
- ./linux-container-ci.sh ${{ env.BUILDER_VERSION }} aws-crt-${{
env.LINUX_BASE_IMAGE }} build -p ${{ env.PACKAGE_NAME }} --compiler=${{
matrix.compiler }}
+ - uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ env.CRT_CI_ROLE }}
+ aws-region: ${{ env.AWS_DEFAULT_REGION }}
+ # We can't use the `uses: docker://image` version yet, GitHub lacks
authentication for actions -> packages
+ - name: Build ${{ env.PACKAGE_NAME }}
+ run: |
+ aws s3 cp s3://aws-crt-test-stuff/ci/${{ env.BUILDER_VERSION
}}/linux-container-ci.sh ./linux-container-ci.sh && chmod a+x
./linux-container-ci.sh
+ ./linux-container-ci.sh ${{ env.BUILDER_VERSION }} aws-crt-${{
env.LINUX_BASE_IMAGE }} build -p ${{ env.PACKAGE_NAME }} --compiler=${{
matrix.compiler }}
linux-shared-libs:
- runs-on: ubuntu-20.04 # latest
+ runs-on: ubuntu-24.04 # latest
steps:
- # We can't use the `uses: docker://image` version yet, GitHub lacks
authentication for actions -> packages
- - name: Build ${{ env.PACKAGE_NAME }}
- run: |
- aws s3 cp s3://aws-crt-test-stuff/ci/${{ env.BUILDER_VERSION
}}/linux-container-ci.sh ./linux-container-ci.sh && chmod a+x
./linux-container-ci.sh
- ./linux-container-ci.sh ${{ env.BUILDER_VERSION }} aws-crt-${{
env.LINUX_BASE_IMAGE }} build -p ${{ env.PACKAGE_NAME }}
--cmake-extra=-DBUILD_SHARED_LIBS=ON
+ - uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ env.CRT_CI_ROLE }}
+ aws-region: ${{ env.AWS_DEFAULT_REGION }}
+ # We can't use the `uses: docker://image` version yet, GitHub lacks
authentication for actions -> packages
+ - name: Build ${{ env.PACKAGE_NAME }}
+ run: |
+ aws s3 cp s3://aws-crt-test-stuff/ci/${{ env.BUILDER_VERSION
}}/linux-container-ci.sh ./linux-container-ci.sh && chmod a+x
./linux-container-ci.sh
+ ./linux-container-ci.sh ${{ env.BUILDER_VERSION }} aws-crt-${{
env.LINUX_BASE_IMAGE }} build -p ${{ env.PACKAGE_NAME }}
--cmake-extra=-DBUILD_SHARED_LIBS=ON
windows:
runs-on: windows-2022 # latest
steps:
+ - uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ env.CRT_CI_ROLE }}
+ aws-region: ${{ env.AWS_DEFAULT_REGION }}
- name: Build ${{ env.PACKAGE_NAME }} + consumers
run: |
python -c "from urllib.request import urlretrieve; urlretrieve('${{
env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION
}}/builder.pyz?run=${{ env.RUN }}', 'builder.pyz')"
@@ -86,6 +108,10 @@
matrix:
arch: [x86, x64]
steps:
+ - uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ env.CRT_CI_ROLE }}
+ aws-region: ${{ env.AWS_DEFAULT_REGION }}
- name: Build ${{ env.PACKAGE_NAME }} + consumers
run: |
python -c "from urllib.request import urlretrieve; urlretrieve('${{
env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION
}}/builder.pyz?run=${{ env.RUN }}', 'builder.pyz')"
@@ -94,6 +120,10 @@
windows-shared-libs:
runs-on: windows-2022 # latest
steps:
+ - uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ env.CRT_CI_ROLE }}
+ aws-region: ${{ env.AWS_DEFAULT_REGION }}
- name: Build ${{ env.PACKAGE_NAME }} + consumers
run: |
python -c "from urllib.request import urlretrieve; urlretrieve('${{
env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION
}}/builder.pyz?run=${{ env.RUN }}', 'builder.pyz')"
@@ -102,6 +132,10 @@
windows-app-verifier:
runs-on: windows-2022 # latest
steps:
+ - uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ env.CRT_CI_ROLE }}
+ aws-region: ${{ env.AWS_DEFAULT_REGION }}
- name: Build ${{ env.PACKAGE_NAME }} + consumers
run: |
python -c "from urllib.request import urlretrieve; urlretrieve('${{
env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION
}}/builder.pyz?run=${{ env.RUN }}', 'builder.pyz')"
@@ -113,6 +147,10 @@
macos:
runs-on: macos-14 # latest
steps:
+ - uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ env.CRT_CI_ROLE }}
+ aws-region: ${{ env.AWS_DEFAULT_REGION }}
- name: Build ${{ env.PACKAGE_NAME }} + consumers
run: |
python3 -c "from urllib.request import urlretrieve; urlretrieve('${{
env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION
}}/builder.pyz?run=${{ env.RUN }}', 'builder')"
@@ -122,6 +160,10 @@
macos-x64:
runs-on: macos-14-large # latest
steps:
+ - uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ env.CRT_CI_ROLE }}
+ aws-region: ${{ env.AWS_DEFAULT_REGION }}
- name: Build ${{ env.PACKAGE_NAME }} + consumers
run: |
python3 -c "from urllib.request import urlretrieve; urlretrieve('${{
env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION
}}/builder.pyz?run=${{ env.RUN }}', 'builder')"
@@ -131,10 +173,14 @@
# Test downstream repos.
# This should not be required because we can run into a chicken and egg
problem if there is a change that needs some fix in a downstream repo.
downstream:
- runs-on: ubuntu-20.04 # latest
+ runs-on: ubuntu-24.04 # latest
steps:
- # We can't use the `uses: docker://image` version yet, GitHub lacks
authentication for actions -> packages
- - name: Build ${{ env.PACKAGE_NAME }}
- run: |
- aws s3 cp s3://aws-crt-test-stuff/ci/${{ env.BUILDER_VERSION
}}/linux-container-ci.sh ./linux-container-ci.sh && chmod a+x
./linux-container-ci.sh
- ./linux-container-ci.sh ${{ env.BUILDER_VERSION }} aws-crt-${{
env.LINUX_BASE_IMAGE }} build downstream -p ${{ env.PACKAGE_NAME }}
+ - uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ env.CRT_CI_ROLE }}
+ aws-region: ${{ env.AWS_DEFAULT_REGION }}
+ # We can't use the `uses: docker://image` version yet, GitHub lacks
authentication for actions -> packages
+ - name: Build ${{ env.PACKAGE_NAME }}
+ run: |
+ aws s3 cp s3://aws-crt-test-stuff/ci/${{ env.BUILDER_VERSION
}}/linux-container-ci.sh ./linux-container-ci.sh && chmod a+x
./linux-container-ci.sh
+ ./linux-container-ci.sh ${{ env.BUILDER_VERSION }} aws-crt-${{
env.LINUX_BASE_IMAGE }} build downstream -p ${{ env.PACKAGE_NAME }}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/aws-c-auth-0.8.0/.github/workflows/codecov.yml
new/aws-c-auth-0.8.1/.github/workflows/codecov.yml
--- old/aws-c-auth-0.8.0/.github/workflows/codecov.yml 2024-10-23
19:05:03.000000000 +0200
+++ new/aws-c-auth-0.8.1/.github/workflows/codecov.yml 2025-01-22
00:40:21.000000000 +0100
@@ -4,22 +4,28 @@
push:
env:
- BUILDER_VERSION: v0.9.55
+ BUILDER_VERSION: v0.9.72
BUILDER_HOST: https://d19elf31gohf1l.cloudfront.net
BUILDER_SOURCE: releases
PACKAGE_NAME: aws-c-auth
- AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
- AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- AWS_REGION: us-east-1
+ CRT_CI_ROLE: ${{ secrets.CRT_CI_ROLE_ARN }}
+ AWS_DEFAULT_REGION: us-east-1
+
+permissions:
+ id-token: write # This is required for requesting the JWT
jobs:
codecov-linux:
- runs-on: ubuntu-22.04
+ runs-on: ubuntu-24.04
steps:
- - name: Checkout Sources
- uses: actions/checkout@v3
- - name: Build ${{ env.PACKAGE_NAME }} + consumers
- run: |
- python3 -c "from urllib.request import urlretrieve; urlretrieve('${{
env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION
}}/builder.pyz?run=${{ env.RUN }}', 'builder')"
- chmod a+x builder
- ./builder build -p ${{ env.PACKAGE_NAME }} --compiler=gcc-9
--cmake-extra=-DASSERT_LOCK_HELD=ON --coverage
+ - uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ env.CRT_CI_ROLE }}
+ aws-region: ${{ env.AWS_DEFAULT_REGION }}
+ - name: Checkout Sources
+ uses: actions/checkout@v4
+ - name: Build ${{ env.PACKAGE_NAME }} + consumers
+ run: |
+ python3 -c "from urllib.request import urlretrieve; urlretrieve('${{
env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION
}}/builder.pyz?run=${{ env.RUN }}', 'builder')"
+ chmod a+x builder
+ ./builder build -p ${{ env.PACKAGE_NAME }} --compiler=gcc-9
--cmake-extra=-DASSERT_LOCK_HELD=ON --coverage
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/aws-c-auth-0.8.0/.github/workflows/issue-regression-labeler.yml
new/aws-c-auth-0.8.1/.github/workflows/issue-regression-labeler.yml
--- old/aws-c-auth-0.8.0/.github/workflows/issue-regression-labeler.yml
1970-01-01 01:00:00.000000000 +0100
+++ new/aws-c-auth-0.8.1/.github/workflows/issue-regression-labeler.yml
2025-01-22 00:40:21.000000000 +0100
@@ -0,0 +1,32 @@
+# Apply potential regression label on issues
+name: issue-regression-label
+on:
+ issues:
+ types: [opened, edited]
+jobs:
+ add-regression-label:
+ runs-on: ubuntu-latest
+ permissions:
+ issues: write
+ steps:
+ - name: Fetch template body
+ id: check_regression
+ uses: actions/github-script@v7
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ TEMPLATE_BODY: ${{ github.event.issue.body }}
+ with:
+ script: |
+ const regressionPattern = /\[x\] Select this option if this issue
appears to be a regression\./i;
+ const template = `${process.env.TEMPLATE_BODY}`
+ const match = regressionPattern.test(template);
+ core.setOutput('is_regression', match);
+ - name: Manage regression label
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ if [ "${{ steps.check_regression.outputs.is_regression }}" == "true"
]; then
+ gh issue edit ${{ github.event.issue.number }} --add-label
"potential-regression" -R ${{ github.repository }}
+ else
+ gh issue edit ${{ github.event.issue.number }} --remove-label
"potential-regression" -R ${{ github.repository }}
+ fi
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/aws-c-auth-0.8.0/source/credentials_provider_ecs.c
new/aws-c-auth-0.8.1/source/credentials_provider_ecs.c
--- old/aws-c-auth-0.8.0/source/credentials_provider_ecs.c 2024-10-23
19:05:03.000000000 +0200
+++ new/aws-c-auth-0.8.1/source/credentials_provider_ecs.c 2025-01-22
00:40:21.000000000 +0100
@@ -32,6 +32,8 @@
#define ECS_RESPONSE_SIZE_INITIAL 2048
#define ECS_RESPONSE_SIZE_LIMIT 10000
#define ECS_CONNECT_TIMEOUT_DEFAULT_IN_SECONDS 2
+#define ECS_MAX_ATTEMPTS 3
+#define ECS_RETRY_TIMEOUT_MS 100
AWS_STATIC_STRING_FROM_LITERAL(s_ecs_creds_env_token_file,
"AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE");
AWS_STATIC_STRING_FROM_LITERAL(s_ecs_creds_env_token,
"AWS_CONTAINER_AUTHORIZATION_TOKEN");
@@ -49,6 +51,7 @@
struct aws_string *auth_token_file_path;
struct aws_string *auth_token;
struct aws_client_bootstrap *bootstrap;
+ struct aws_retry_strategy *retry_strategy;
bool is_https;
};
@@ -62,6 +65,7 @@
aws_on_get_credentials_callback_fn *original_callback;
void *original_user_data;
struct aws_byte_buf auth_token;
+ struct aws_retry_token *retry_token;
/* mutable */
struct aws_http_connection *connection;
@@ -71,6 +75,25 @@
int error_code;
};
+/* called in between retries. */
+static void s_ecs_user_data_reset_request_specific_data(struct
aws_credentials_provider_ecs_user_data *user_data) {
+ if (user_data->request) {
+ aws_http_message_release(user_data->request);
+ user_data->request = NULL;
+ }
+ if (user_data->connection) {
+ struct aws_credentials_provider_ecs_impl *impl =
user_data->ecs_provider->impl;
+ int result =
impl->function_table->aws_http_connection_manager_release_connection(
+ impl->connection_manager, user_data->connection);
+ (void)result;
+ AWS_ASSERT(result == AWS_OP_SUCCESS);
+ user_data->connection = NULL;
+ }
+ aws_byte_buf_reset(&user_data->current_result, false);
+ user_data->status_code = 0;
+ user_data->error_code = 0;
+}
+
static void s_aws_credentials_provider_ecs_user_data_destroy(struct
aws_credentials_provider_ecs_user_data *user_data) {
if (user_data == NULL) {
return;
@@ -85,6 +108,7 @@
aws_byte_buf_clean_up(&user_data->auth_token);
aws_byte_buf_clean_up(&user_data->current_result);
+ aws_retry_token_release(user_data->retry_token);
if (user_data->request) {
aws_http_message_destroy(user_data->request);
@@ -141,16 +165,7 @@
return NULL;
}
-static void s_aws_credentials_provider_ecs_user_data_reset_response(
- struct aws_credentials_provider_ecs_user_data *ecs_user_data) {
- ecs_user_data->current_result.len = 0;
- ecs_user_data->status_code = 0;
-
- if (ecs_user_data->request) {
- aws_http_message_destroy(ecs_user_data->request);
- ecs_user_data->request = NULL;
- }
-}
+static void s_on_retry_ready(struct aws_retry_token *token, int error_code,
void *user_data);
/*
* In general, the ECS document looks something like:
@@ -192,20 +207,44 @@
AWS_LS_AUTH_CREDENTIALS_PROVIDER,
"(id=%p) ECS credentials provider successfully queried instance
role credentials",
(void *)ecs_user_data->ecs_provider);
+
+ int result =
aws_retry_token_record_success(ecs_user_data->retry_token);
+ (void)result;
+ AWS_ASSERT(result == AWS_ERROR_SUCCESS);
} else {
- /* no credentials, make sure we have a valid error to report */
- if (ecs_user_data->error_code == AWS_ERROR_SUCCESS) {
- ecs_user_data->error_code = aws_last_error();
- if (ecs_user_data->error_code == AWS_ERROR_SUCCESS) {
- ecs_user_data->error_code =
AWS_AUTH_CREDENTIALS_PROVIDER_ECS_SOURCE_FAILURE;
- }
- }
AWS_LOGF_WARN(
AWS_LS_AUTH_CREDENTIALS_PROVIDER,
"(id=%p) ECS credentials provider failed to query instance role
credentials with error %d(%s)",
(void *)ecs_user_data->ecs_provider,
ecs_user_data->error_code,
aws_error_str(ecs_user_data->error_code));
+ enum aws_retry_error_type error_type =
+
aws_credentials_provider_compute_retry_error_type(ecs_user_data->status_code,
ecs_user_data->error_code);
+
+ /* don't retry client errors at all. */
+ if (error_type != AWS_RETRY_ERROR_TYPE_CLIENT_ERROR &&
ecs_user_data->retry_token != NULL) {
+ if (aws_retry_strategy_schedule_retry(
+ ecs_user_data->retry_token, error_type, s_on_retry_ready,
ecs_user_data) == AWS_OP_SUCCESS) {
+ AWS_LOGF_INFO(
+ AWS_LS_AUTH_CREDENTIALS_PROVIDER,
+ "(id=%p): successfully scheduled a retry",
+ (void *)ecs_user_data->ecs_provider);
+ return;
+ } else
+ AWS_LOGF_ERROR(
+ AWS_LS_AUTH_CREDENTIALS_PROVIDER,
+ "(id=%p): failed to schedule retry: %s",
+ (void *)ecs_user_data->ecs_provider,
+ aws_error_str(aws_last_error()));
+ ecs_user_data->error_code = aws_last_error();
+ }
+ /* make sure we have a valid error to report */
+ if (ecs_user_data->error_code == AWS_ERROR_SUCCESS) {
+ ecs_user_data->error_code = aws_last_error();
+ if (ecs_user_data->error_code == AWS_ERROR_SUCCESS) {
+ ecs_user_data->error_code =
AWS_AUTH_CREDENTIALS_PROVIDER_ECS_SOURCE_FAILURE;
+ }
+ }
}
/* pass the credentials back */
@@ -434,9 +473,6 @@
struct aws_credentials_provider_ecs_impl *impl =
ecs_user_data->ecs_provider->impl;
- /* "Clear" the result */
- s_aws_credentials_provider_ecs_user_data_reset_response(ecs_user_data);
-
struct aws_byte_cursor uri_cursor =
aws_byte_cursor_from_string(impl->path_and_query);
if (s_make_ecs_http_query(ecs_user_data, &uri_cursor) == AWS_OP_ERR) {
s_ecs_finalize_get_credentials_query(ecs_user_data);
@@ -464,6 +500,59 @@
s_ecs_query_task_role_credentials(ecs_user_data);
}
+/* called for each retry. */
+static void s_on_retry_ready(struct aws_retry_token *token, int error_code,
void *user_data) {
+ (void)token;
+ struct aws_credentials_provider_ecs_user_data *ecs_user_data = user_data;
+
+ if (error_code) {
+ AWS_LOGF_WARN(
+ AWS_LS_AUTH_CREDENTIALS_PROVIDER,
+ "id=%p: ECS provider failed to acquire a connection, error code
%d(%s)",
+ (void *)ecs_user_data->ecs_provider,
+ error_code,
+ aws_error_str(error_code));
+
+ ecs_user_data->error_code = error_code;
+ s_ecs_finalize_get_credentials_query(ecs_user_data);
+ return;
+ }
+
+ /* clear the result from previous attempt */
+ s_ecs_user_data_reset_request_specific_data(ecs_user_data);
+
+ struct aws_credentials_provider_ecs_impl *impl =
ecs_user_data->ecs_provider->impl;
+ impl->function_table->aws_http_connection_manager_acquire_connection(
+ impl->connection_manager, s_ecs_on_acquire_connection, ecs_user_data);
+}
+
+static void s_on_retry_token_acquired(
+ struct aws_retry_strategy *strategy,
+ int error_code,
+ struct aws_retry_token *token,
+ void *user_data) {
+ (void)strategy;
+ struct aws_credentials_provider_ecs_user_data *ecs_user_data = user_data;
+
+ if (error_code) {
+ AWS_LOGF_WARN(
+ AWS_LS_AUTH_CREDENTIALS_PROVIDER,
+ "id=%p: ECS provider failed to acquire a connection, error code
%d(%s)",
+ (void *)ecs_user_data->ecs_provider,
+ error_code,
+ aws_error_str(error_code));
+
+ ecs_user_data->error_code = error_code;
+ s_ecs_finalize_get_credentials_query(ecs_user_data);
+ return;
+ }
+
+ ecs_user_data->retry_token = token;
+ struct aws_credentials_provider_ecs_impl *impl =
ecs_user_data->ecs_provider->impl;
+ impl->function_table->aws_http_connection_manager_acquire_connection(
+ impl->connection_manager, s_ecs_on_acquire_connection, ecs_user_data);
+}
+
/*
* The resolved IP address must satisfy one of the following:
* 1. within the loopback CIDR (IPv4 127.0.0.0/8, IPv6 ::1/128)
@@ -531,9 +620,18 @@
goto on_error;
}
}
+
struct aws_credentials_provider_ecs_impl *impl =
ecs_user_data->ecs_provider->impl;
- impl->function_table->aws_http_connection_manager_acquire_connection(
- impl->connection_manager, s_ecs_on_acquire_connection, ecs_user_data);
+
+ if (aws_retry_strategy_acquire_retry_token(
+ impl->retry_strategy, NULL, s_on_retry_token_acquired,
ecs_user_data, ECS_RETRY_TIMEOUT_MS)) {
+ AWS_LOGF_ERROR(
+ AWS_LS_AUTH_CREDENTIALS_PROVIDER,
+ "(id=%p): failed to acquire retry token: %s",
+ (void *)ecs_user_data->ecs_provider,
+ aws_error_debug_str(aws_last_error()));
+ goto on_error;
+ }
return;
on_error:
@@ -562,11 +660,19 @@
if (wrapped_user_data == NULL) {
goto error;
}
- /* No need to verify the host IP address if the connection is using HTTPS
or the ECS container host (relative URI)
+ /* No need to verify the host IP address if the connection is using HTTPS
or the ECS container host (relative
+ * URI)
*/
if (impl->is_https || aws_string_eq(impl->host, s_ecs_host)) {
- impl->function_table->aws_http_connection_manager_acquire_connection(
- impl->connection_manager, s_ecs_on_acquire_connection,
wrapped_user_data);
+ if (aws_retry_strategy_acquire_retry_token(
+ impl->retry_strategy, NULL, s_on_retry_token_acquired,
wrapped_user_data, ECS_RETRY_TIMEOUT_MS)) {
+ AWS_LOGF_ERROR(
+ AWS_LS_AUTH_CREDENTIALS_PROVIDER,
+ "(id=%p): failed to acquire retry token: %s",
+ (void *)wrapped_user_data->ecs_provider,
+ aws_error_debug_str(aws_last_error()));
+ goto error;
+ }
} else if (aws_host_resolver_resolve_host(
impl->bootstrap->host_resolver,
impl->host,
@@ -594,6 +700,7 @@
aws_string_destroy(impl->auth_token);
aws_string_destroy(impl->auth_token_file_path);
aws_string_destroy(impl->host);
+ aws_retry_strategy_release(impl->retry_strategy);
aws_client_bootstrap_release(impl->bootstrap);
/* aws_http_connection_manager_release will eventually leads to call of
s_on_connection_manager_shutdown,
@@ -724,6 +831,15 @@
goto on_error;
}
+ struct aws_standard_retry_options retry_options = {
+ .backoff_retry_options =
+ {
+ .el_group = options->bootstrap->event_loop_group,
+ .max_retries = ECS_MAX_ATTEMPTS,
+ },
+ };
+ impl->retry_strategy = aws_retry_strategy_new_standard(allocator,
&retry_options);
+
provider->shutdown_options = options->shutdown_options;
aws_tls_connection_options_clean_up(&tls_connection_options);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/aws-c-auth-0.8.0/tests/credentials_provider_ecs_tests.c
new/aws-c-auth-0.8.1/tests/credentials_provider_ecs_tests.c
--- old/aws-c-auth-0.8.0/tests/credentials_provider_ecs_tests.c 2024-10-23
19:05:03.000000000 +0200
+++ new/aws-c-auth-0.8.1/tests/credentials_provider_ecs_tests.c 2025-01-22
00:40:21.000000000 +0100
@@ -35,6 +35,7 @@
struct aws_string *request_path_and_query;
struct aws_string *request_authorization_header;
struct aws_string *selected_host;
+ int attempts;
struct aws_array_list response_data_callbacks;
bool is_connection_acquire_successful;
@@ -173,10 +174,14 @@
(void)client_connection;
(void)options;
+ s_tester.attempts++;
struct aws_byte_cursor path;
AWS_ZERO_STRUCT(path);
aws_http_message_get_request_path(options->request, &path);
-
+ if (s_tester.request_path_and_query != NULL) {
+ aws_string_destroy(s_tester.request_path_and_query);
+ s_tester.request_path_and_query = NULL;
+ }
s_tester.request_path_and_query =
aws_string_new_from_cursor(s_tester.allocator, &path);
struct aws_byte_cursor authorization_header_value;
AWS_ZERO_STRUCT(authorization_header_value);
@@ -184,6 +189,10 @@
aws_http_message_get_headers(options->request),
aws_byte_cursor_from_c_str("Authorization"),
&authorization_header_value) == AWS_OP_SUCCESS) {
+ if (s_tester.request_authorization_header != NULL) {
+ aws_string_destroy(s_tester.request_authorization_header);
+ s_tester.request_authorization_header = NULL;
+ }
s_tester.request_authorization_header =
aws_string_new_from_cursor(s_tester.allocator,
&authorization_header_value);
}
@@ -431,6 +440,7 @@
ASSERT_TRUE(s_tester.has_received_credentials_callback == true);
ASSERT_TRUE(s_tester.credentials == NULL);
ASSERT_UINT_EQUALS(443, s_tester.selected_port);
+ ASSERT_UINT_EQUALS(4, s_tester.attempts);
aws_mutex_unlock(&s_tester.lock);
aws_credentials_provider_release(provider);
@@ -766,8 +776,7 @@
"https://www.xxx123321testmocknonexsitingawsservice.com:443/path/to/resource/?a=b&c=d";,
aws_string_c_str(auth_token)));
- aws_string_destroy(s_tester.request_path_and_query);
- aws_string_destroy(s_tester.request_authorization_header);
+ s_tester.has_received_credentials_callback = false;
aws_credentials_release(s_tester.credentials);
aws_mutex_unlock(&s_tester.lock);
