[CDRIVER-4439] Cache AWS Credentials Where Possible Created: 27/Jul/22  Updated: 28/Oct/23  Resolved: 23/Feb/23

Status: Closed
Project: C Driver
Component/s: Authentication
Affects Version/s: None
Fix Version/s: 1.24.0

Type: New Feature Priority: Unknown
Reporter: PM Bot Assignee: Kevin Albertson
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
is depended on by PHPC-2158 Cache AWS Credentials Where Possible Closed
Issue split
split from DRIVERS-2333 Cache AWS Credentials Where Possible Closed
Related
related to CDRIVER-4518 Ensure Auth Environment Variables are... Backlog
Quarter: FY23Q4, FY24Q1
Upstream Changes Summary:

DRIVERS-2333:
Summary of required changes

  • Create an internal cache for fetched AWS credentials used by the driver
  • Add integration tests to verify cache usage

Additional background

Please see https://github.com/mongodb/specifications/commit/364761d3dae5e430b0812f23786b592f4bb629c1 for the specification change and https://github.com/mongodb/specifications/commit/745e486dd03f0d724c68593bf9ddb017d2d58fa6 for a follow-up to tests.

Please see https://github.com/mongodb/mongo-csharp-driver/commit/3d67e80c3553051286afed4c3e7ba7aabcf7cba3 for a reference implementation in C#.

Integration test

Drivers are expected to add an integration test as described in the specification change


 Description   

This ticket was split from DRIVERS-2333, please see that ticket for a detailed description.



 Comments   
Comment by Githook User [ 23/Feb/23 ]

Author:

{'name': 'Kevin Albertson', 'email': 'kevin.albertson@mongodb.com', 'username': 'kevinAlbs'}

Message: CDRIVER-4439 add AWS credential cache (#1207)

  • add test-awsauth

test-awsauth is intended to replace mongoc-ping in AWS tests.
test-awsauth will include caching tests specific to AWS.

  • unconditionally define _mongoc_aws_credentials_cleanup

There is no reason to condition on the presence of ENABLE_MONGODB_AWS_AUTH

Removing reduces duplicate definitions.

  • add AWS credential cache

add _mongoc_aws_credentials_copy_to

add _mongoc_aws_credentials_cache_t

  • use AWS credential cache
  • use test-awsauth in Evergreen
  • remove outdated docs of optional variables
  • fix docs to note TESTCASE is an env var
  • remove unnecessary additions runtime paths

test-awsauth statically links the C driver

  • use `mcd_timer` for expiration
  • remove unused vars
  • simplify bash scripts
  • fix comment for `expiration`
  • be more explicit about _mongoc_aws_credentials_cache_get behavior
  • rename helper to expiration_to_mcd_timer
  • compute in int64_t domain
  • remove unnecessary expiration vars
  • add MONGOC_AWS_CREDENTIALS_INIT macro
  • only initialize and cleanup AWS cache if AWS is enabled
  • remove unnecessary can_setenv
  • fix -Wmissing-braces warning
  • fix signature of test_aws_cache
  • do not support uninitialized creds in _mongoc_aws_credentials_cache_get
  • do not reuse creds after cleanup
Generated at Wed Feb 07 21:20:56 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.