[jira] [Commented] (JCLOUDS-1319) CredentialStore leaking

Thu, 13 Jul 2017 01:19:16 -0700 

    [ 
https://issues.apache.org/jira/browse/JCLOUDS-1319?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16085350#comment-16085350
 ] 

Ignasi Barrera commented on JCLOUDS-1319:
-----------------------------------------

Related discussion here: https://github.com/jclouds/jclouds/pull/1119

> CredentialStore leaking
> -----------------------
>
>                 Key: JCLOUDS-1319
>                 URL: https://issues.apache.org/jira/browse/JCLOUDS-1319
>             Project: jclouds
>          Issue Type: Bug
>            Reporter: Graeme Miller
>            Priority: Critical
>
> The class CredentialStoreModule provides a CredentialStore to various 
> ComputeServices through the method provideCredentialStore. 
> provideCredentialStore creates the map using a backing map called BACKING 
> that is defined statically in CredentialStoreModule. What this means is that 
> although we are calling provideCredentialStore on the creation of each 
> ComputeService, we are sharing a map over ComputeServices. This may very well 
> be a deliberate design decision, I am not sure, but it is important to the 
> bug I am seeing.
> An issue arrises due to the class 
> GetLoginForProviderFromPropertiesAndStoreCredentialsOrReturnNull. This class 
> is used to provide default LoginCredentials when creating a ComputeService. 
> It checks the CredentialStore, and if there is nothing in it, it will create 
> the LoginCredentials and store them in the CredentialStore with a key called 
> 'image'. The problem is that the class 
> GetLoginForProviderFromPropertiesAndStoreCredentialsOrReturnNull is used by 
> multiple providers so they all use the key 'image'. 
> So, if you create a ComputeService for Azure ARM and then later one for AWS 
> it will use the LoginCredentials created for Azure ARM in the AWS 
> ComputeService. This causes an issue as these LoginCredentials are used in 
> EC2PopulateDefaultLoginCredentialsForImageStrategy to get the default user to 
> log in as. Azure ARM chooses jclouds as the default user, whereas AWS chooses 
> root. If you therefore create the Azure context and then the AWS context you 
> will end up using the wrong ssh user for AWS.
> Solutions:
> *) don't share CredentialStore across ComputerServices
> *) Store the LoginCredentials in the map against a key with the provider name 
> in it. 
> *) Don't store the LoginCredentials in the map at all, create it every time



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to