nastra commented on code in PR #15678:
URL: https://github.com/apache/iceberg/pull/15678#discussion_r2959433002
##########
aws/src/main/java/org/apache/iceberg/aws/s3/S3FileIO.java:
##########
@@ -559,8 +664,21 @@ private boolean recoverObject(PrefixedS3Client client,
ObjectVersion version, St
@Override
public void setCredentials(List<StorageCredential> credentials) {
Preconditions.checkArgument(credentials != null, "Invalid storage
credentials: null");
+ // stop any refresh that might be scheduled
+ if (refreshFuture != null) {
+ refreshFuture.cancel(true);
+ }
+
// copy credentials into a modifiable collection for Kryo serde
this.storageCredentials = Lists.newArrayList(credentials);
+
+ // if the clients are already initialized, we need to close and allow them
to be recreated
Review Comment:
I think we might also want to add a test to `TestS3FileIO` to verify that
the clients are reset via
```
@Test
public void setCredentialsRefreshesClients() {
StorageCredential initialCredential =
StorageCredential.create(
"s3://custom-uri",
ImmutableMap.of(
"s3.access-key-id",
"initialKeyId",
"s3.secret-access-key",
"initialSecretKey",
"s3.session-token",
"initialSessionToken"));
S3FileIO fileIO = new S3FileIO();
fileIO.setCredentials(ImmutableList.of(initialCredential));
fileIO.initialize(ImmutableMap.of(AwsClientProperties.CLIENT_REGION,
"us-east-1"));
S3Client initialClient = fileIO.client("s3://custom-uri/table1");
assertThat(initialClient.serviceClientConfiguration())
.extracting(AwsServiceClientConfiguration::credentialsProvider)
.extracting(IdentityProvider::resolveIdentity)
.satisfies(
future -> {
AwsSessionCredentialsIdentity identity =
(AwsSessionCredentialsIdentity) future.get();
assertThat(identity.accessKeyId()).isEqualTo("initialKeyId");
assertThat(identity.secretAccessKey()).isEqualTo("initialSecretKey");
assertThat(identity.sessionToken()).isEqualTo("initialSessionToken");
});
StorageCredential refreshedCredential =
StorageCredential.create(
"s3://custom-uri",
ImmutableMap.of(
"s3.access-key-id",
"refreshedKeyId",
"s3.secret-access-key",
"refreshedSecretKey",
"s3.session-token",
"refreshedSessionToken"));
fileIO.setCredentials(ImmutableList.of(refreshedCredential));
S3Client refreshedClient = fileIO.client("s3://custom-uri/table1");
assertThat(refreshedClient).isNotSameAs(initialClient);
assertThat(refreshedClient.serviceClientConfiguration())
.extracting(AwsServiceClientConfiguration::credentialsProvider)
.extracting(IdentityProvider::resolveIdentity)
.satisfies(
x -> {
AwsSessionCredentialsIdentity identity =
(AwsSessionCredentialsIdentity) x.get();
assertThat(identity.accessKeyId()).isEqualTo("refreshedKeyId");
assertThat(identity.secretAccessKey()).isEqualTo("refreshedSecretKey");
assertThat(identity.sessionToken()).isEqualTo("refreshedSessionToken");
});
}
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
