wt_s3_signer 1.0.1 → 1.0.2

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: '0908117b872ba1badb9f010a76340c448fc21ff6aac26402579f783dcddea546'
4
- data.tar.gz: e5a36577aacaa1f5469c5d961819cd7c0d7750b95a290866b503868cc84b995e
3
+ metadata.gz: 799746837d300b12e2747c459c5d703d136f96f0dd9fb05dbd5319cac210c5f6
4
+ data.tar.gz: 45945fffb362ba6a0b8784b44374543c6355236a86ad88a639b9d85340ef791b
5
5
  SHA512:
6
- metadata.gz: 254e632e8d8f3eb272a454174c3fed5a4398f6eb8877e800ef23cb77f4769267f6fcb4bb1969fbd6d1dafc80210678e7946bffec4501bcb7b1b4bdf16c7b6a9d
7
- data.tar.gz: 4226038fc92b5d5241cc6b14954f9823b4b3ac97af292bba4a96534722a65aba83cd2c732c5b98d359e0c451bbd27efc06850411ed383cfb5080eeb347211585
6
+ metadata.gz: 8715283bb04556b1b9e73be4e4f465c257806a8ac9779785442e6f974f025e6124c12177fb297e3f6987161c7005dac466bb6d9f573c2058588939192e12fd01
7
+ data.tar.gz: 6d3ac4005a46e40802ac438574c0c4a746a09796fcc21dcfc05d870cb3d33e5850b20adaa04473611bf65cf44020be67ddcf63305612d04b3299dfb864ab0611
data/CHANGELOG.md CHANGED
@@ -1,3 +1,6 @@
1
+ ## 1.0.2
2
+ * Release the singleton S3 client when AWS raises credential error to be able to use a new credential next time
3
+
1
4
  ## 1.0.1
2
5
  * Set `instance_profile_credentials_retries` to 5 in the S3::Client instance to prevent "missing credentials" errors
3
6
 
data/lib/wt_s3_signer.rb CHANGED
@@ -56,6 +56,14 @@ module WT
56
56
  kwargs[:session_token] = credentials.session_token
57
57
 
58
58
  new(**kwargs, **extra_attributes)
59
+ rescue Aws::S3::Errors::AccessDenied, Aws::Errors::MissingCredentialsError
60
+ # We noticed cases where errors related to AWS credentials started to happen suddenly.
61
+ # We don't know the root cause yet, but what we can do is release the
62
+ # @client instance because it contains a cache of credentials that in most cases
63
+ # is no longer valid.
64
+ @client = nil
65
+
66
+ raise
59
67
  end
60
68
 
61
69
  # Creates a new instance of WT::S3Signer
@@ -164,12 +172,6 @@ module WT
164
172
  @bucket_endpoint + canonical_uri + "?" + qs_with_signature
165
173
  end
166
174
 
167
- private
168
-
169
- def create_bucket(bucket_name)
170
- Aws::S3::Bucket.new(bucket_name)
171
- end
172
-
173
175
  # AWS gems have a mechanism to cache credentials internally. So take
174
176
  # advantage of this, it's necessary to use the same client instance.
175
177
  def self.client
@@ -179,7 +181,12 @@ module WT
179
181
  instance_profile_credentials_retries: 5,
180
182
  )
181
183
  end
182
- private_class_method :client
184
+
185
+ def self.client=(client)
186
+ @client = client
187
+ end
188
+
189
+ private
183
190
 
184
191
  def derive_signing_key(key, datestamp, region, service)
185
192
  prefixed_key = "AWS4" + key
@@ -1,5 +1,5 @@
1
1
  module WT
2
2
  class S3Signer
3
- VERSION = '1.0.1'
3
+ VERSION = '1.0.2'
4
4
  end
5
5
  end
@@ -62,5 +62,51 @@ describe WT::S3Signer do
62
62
  expect(presigned_url1).to include("X-Amz-Expires=174")
63
63
  expect(presigned_url2).to include("X-Amz-Expires=175")
64
64
  end
65
+
66
+ it 'releases the singleton client when AWS raises an access denied error' do
67
+ s3_client = Aws::S3::Client.new(stub_responses: true)
68
+ described_class.client = s3_client
69
+
70
+ s3_client.stub_responses(:get_object, body: 'is here')
71
+
72
+ # just to set @client internally
73
+ described_class.for_s3_bucket(bucket, expires_in: 174)
74
+
75
+ # now, let's simulate an error on AWS
76
+ s3_client.stub_responses(
77
+ :get_bucket_location,
78
+ Aws::S3::Errors::AccessDenied.new(_context = nil, _message = nil)
79
+ )
80
+
81
+ # exercise again
82
+ expect do
83
+ described_class.for_s3_bucket(bucket, expires_in: 174)
84
+ end.to raise_error(Aws::S3::Errors::AccessDenied)
85
+
86
+ expect(described_class.client).not_to be(s3_client)
87
+ end
88
+
89
+ it 'releases the singleton client when AWS raises a missing credentials error' do
90
+ s3_client = Aws::S3::Client.new(stub_responses: true)
91
+ described_class.client = s3_client
92
+
93
+ s3_client.stub_responses(:get_object, body: 'is here')
94
+
95
+ # just to set @client internally
96
+ described_class.for_s3_bucket(bucket, expires_in: 174)
97
+
98
+ # now, let's simulate an error on AWS
99
+ s3_client.stub_responses(
100
+ :get_bucket_location,
101
+ Aws::Errors::MissingCredentialsError.new(_context = nil, _message = nil)
102
+ )
103
+
104
+ # exercise again
105
+ expect do
106
+ described_class.for_s3_bucket(bucket, expires_in: 174)
107
+ end.to raise_error(Aws::Errors::MissingCredentialsError)
108
+
109
+ expect(described_class.client).not_to be(s3_client)
110
+ end
65
111
  end
66
112
  end
data/wt_s3_signer.gemspec CHANGED
@@ -21,4 +21,5 @@ Gem::Specification.new do |spec|
21
21
  spec.add_development_dependency "rspec", "~> 3.9"
22
22
  spec.add_development_dependency "rspec-benchmark", "~> 0.6"
23
23
  spec.add_development_dependency "rubocop"
24
+ spec.add_development_dependency "pry-byebug"
24
25
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: wt_s3_signer
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.1
4
+ version: 1.0.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Luca Suriano
@@ -95,6 +95,20 @@ dependencies:
95
95
  - - ">="
96
96
  - !ruby/object:Gem::Version
97
97
  version: '0'
98
+ - !ruby/object:Gem::Dependency
99
+ name: pry-byebug
100
+ requirement: !ruby/object:Gem::Requirement
101
+ requirements:
102
+ - - ">="
103
+ - !ruby/object:Gem::Version
104
+ version: '0'
105
+ type: :development
106
+ prerelease: false
107
+ version_requirements: !ruby/object:Gem::Requirement
108
+ requirements:
109
+ - - ">="
110
+ - !ruby/object:Gem::Version
111
+ version: '0'
98
112
  description: A Ruby Gem that optimize the signing of S3 keys. The gem is especially
99
113
  useful when dealing with a large amount of S3 object keys
100
114
  email: