You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When ProfileCredentialsProvider is used it happens sometimes that some requests are using old/expired credentials.
Issue happens when few parallel requests are executed at the same time.
After some analyze it looks to me like both requests reach resolveCredentials in ProfileCredentialProviders at the same time.
Looks to me like synchronized code block for reloading credentials is not working correct:
public AwsCredentials resolveCredentials() {
if (loadException != null) {
throw loadException;
}
ProfileFile cachedOrRefreshedProfileFile = refreshProfileFile();
if (shouldUpdateCredentialsProvider(cachedOrRefreshedProfileFile)) {
synchronized (credentialsProviderLock) {
if (shouldUpdateCredentialsProvider(cachedOrRefreshedProfileFile)) {
currentProfileFile = cachedOrRefreshedProfileFile;
handleProfileFileReload(cachedOrRefreshedProfileFile);
}
}
}
return credentialsProvider.resolveCredentials();
}
In case first request detects file is changed and should update credentials provider - at first it set currentProfileFile to new one, and later reload the provider. If second parallel request reach this code block at the same time it see already new file and may return directly credentialsProvider.resolveCredentials() which will still use old credentialsProvider.
Expected Behavior
All requests use new credentials once credential file was changed.
Current Behavior
Some requests are using old credentials which may be already expired.
Reproduction Steps
As this issue does not happen all the time and depends on race condition it's occurring just in some cases.
To reproduce - CredentialsProvider is configured this way: DefaultCredentialsProvider.builder().profileFile(ProfileFileSupplier.reloadWhenModified(Paths.get(awsConfigFilePath), ProfileFile.Type.CREDENTIALS)) .build();
When trying to reproduce the AWS config files was changed and right after few parallel requests were send - in some cases it happened that one of the requests was using old credentials.
Possible Solution
No response
Additional Information/Context
No response
AWS Java SDK version used
awssdk 2.25.1
JDK version used
openjdk 17.0.8 2023-07-18 LTS
Operating System and version
Ubuntu 22.04
The text was updated successfully, but these errors were encountered:
Describe the bug
When ProfileCredentialsProvider is used it happens sometimes that some requests are using old/expired credentials.
Issue happens when few parallel requests are executed at the same time.
After some analyze it looks to me like both requests reach
resolveCredentials
in ProfileCredentialProviders at the same time.Looks to me like synchronized code block for reloading credentials is not working correct:
In case first request detects file is changed and should update credentials provider - at first it set currentProfileFile to new one, and later reload the provider. If second parallel request reach this code block at the same time it see already new file and may return directly
credentialsProvider.resolveCredentials()
which will still use old credentialsProvider.Expected Behavior
All requests use new credentials once credential file was changed.
Current Behavior
Some requests are using old credentials which may be already expired.
Reproduction Steps
As this issue does not happen all the time and depends on race condition it's occurring just in some cases.
To reproduce - CredentialsProvider is configured this way:
DefaultCredentialsProvider.builder().profileFile(ProfileFileSupplier.reloadWhenModified(Paths.get(awsConfigFilePath), ProfileFile.Type.CREDENTIALS)) .build();
When trying to reproduce the AWS config files was changed and right after few parallel requests were send - in some cases it happened that one of the requests was using old credentials.
Possible Solution
No response
Additional Information/Context
No response
AWS Java SDK version used
awssdk 2.25.1
JDK version used
openjdk 17.0.8 2023-07-18 LTS
Operating System and version
Ubuntu 22.04
The text was updated successfully, but these errors were encountered: