wt_s3_signer 1.0.1 → 1.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '0908117b872ba1badb9f010a76340c448fc21ff6aac26402579f783dcddea546'
-  data.tar.gz: e5a36577aacaa1f5469c5d961819cd7c0d7750b95a290866b503868cc84b995e
+  metadata.gz: 799746837d300b12e2747c459c5d703d136f96f0dd9fb05dbd5319cac210c5f6
+  data.tar.gz: 45945fffb362ba6a0b8784b44374543c6355236a86ad88a639b9d85340ef791b
 SHA512:
-  metadata.gz: 254e632e8d8f3eb272a454174c3fed5a4398f6eb8877e800ef23cb77f4769267f6fcb4bb1969fbd6d1dafc80210678e7946bffec4501bcb7b1b4bdf16c7b6a9d
-  data.tar.gz: 4226038fc92b5d5241cc6b14954f9823b4b3ac97af292bba4a96534722a65aba83cd2c732c5b98d359e0c451bbd27efc06850411ed383cfb5080eeb347211585
+  metadata.gz: 8715283bb04556b1b9e73be4e4f465c257806a8ac9779785442e6f974f025e6124c12177fb297e3f6987161c7005dac466bb6d9f573c2058588939192e12fd01
+  data.tar.gz: 6d3ac4005a46e40802ac438574c0c4a746a09796fcc21dcfc05d870cb3d33e5850b20adaa04473611bf65cf44020be67ddcf63305612d04b3299dfb864ab0611

data/CHANGELOG.md

@@ -1,3 +1,6 @@
+## 1.0.2
+* Release the singleton S3 client when AWS raises credential error to be able to use a new credential next time
+
 ## 1.0.1
 * Set `instance_profile_credentials_retries` to 5 in the S3::Client instance to prevent "missing credentials" errors
 

data/lib/wt_s3_signer.rb

@@ -56,6 +56,14 @@ module WT
       kwargs[:session_token] = credentials.session_token
 
       new(**kwargs, **extra_attributes)
+    rescue Aws::S3::Errors::AccessDenied, Aws::Errors::MissingCredentialsError
+      # We noticed cases where errors related to AWS credentials started to happen suddenly.
+      # We don't know the root cause yet, but what we can do is release the
+      # @client instance because it contains a cache of credentials that in most cases
+      # is no longer valid.
+      @client = nil
+
+      raise
     end
 
     # Creates a new instance of WT::S3Signer
@@ -164,12 +172,6 @@ module WT
       @bucket_endpoint + canonical_uri + "?" + qs_with_signature
     end
 
-    private
-
-    def create_bucket(bucket_name)
-      Aws::S3::Bucket.new(bucket_name)
-    end
-
     # AWS gems have a mechanism to cache credentials internally. So take
     # advantage of this, it's necessary to use the same client instance.
     def self.client
@@ -179,7 +181,12 @@ module WT
         instance_profile_credentials_retries: 5,
       )
     end
-    private_class_method :client
+
+    def self.client=(client)
+      @client = client
+    end
+
+    private
 
     def derive_signing_key(key, datestamp, region, service)
       prefixed_key = "AWS4" + key

data/lib/wt_s3_signer/version.rb

@@ -1,5 +1,5 @@
 module WT
   class S3Signer
-    VERSION = '1.0.1'
+    VERSION = '1.0.2'
   end
 end

data/spec/url_signing_spec.rb

@@ -62,5 +62,51 @@ describe WT::S3Signer do
       expect(presigned_url1).to include("X-Amz-Expires=174")
       expect(presigned_url2).to include("X-Amz-Expires=175")
     end
+
+    it 'releases the singleton client when AWS raises an access denied error' do
+      s3_client = Aws::S3::Client.new(stub_responses: true)
+      described_class.client = s3_client
+
+      s3_client.stub_responses(:get_object, body: 'is here')
+
+      # just to set @client internally
+      described_class.for_s3_bucket(bucket, expires_in: 174)
+
+      # now, let's simulate an error on AWS
+      s3_client.stub_responses(
+        :get_bucket_location,
+        Aws::S3::Errors::AccessDenied.new(_context = nil, _message = nil)
+      )
+
+      # exercise again
+      expect do
+        described_class.for_s3_bucket(bucket, expires_in: 174)
+      end.to raise_error(Aws::S3::Errors::AccessDenied)
+
+      expect(described_class.client).not_to be(s3_client)
+    end
+
+    it 'releases the singleton client when AWS raises a missing credentials error' do
+      s3_client = Aws::S3::Client.new(stub_responses: true)
+      described_class.client = s3_client
+
+      s3_client.stub_responses(:get_object, body: 'is here')
+
+      # just to set @client internally
+      described_class.for_s3_bucket(bucket, expires_in: 174)
+
+      # now, let's simulate an error on AWS
+      s3_client.stub_responses(
+        :get_bucket_location,
+        Aws::Errors::MissingCredentialsError.new(_context = nil, _message = nil)
+      )
+
+      # exercise again
+      expect do
+        described_class.for_s3_bucket(bucket, expires_in: 174)
+      end.to raise_error(Aws::Errors::MissingCredentialsError)
+
+      expect(described_class.client).not_to be(s3_client)
+    end
   end
 end

data/wt_s3_signer.gemspec

@@ -21,4 +21,5 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "rspec", "~> 3.9"
   spec.add_development_dependency "rspec-benchmark", "~> 0.6"
   spec.add_development_dependency "rubocop"
+  spec.add_development_dependency "pry-byebug"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: wt_s3_signer
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 1.0.2
 platform: ruby
 authors:
 - Luca Suriano
@@ -95,6 +95,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry-byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: A Ruby Gem that optimize the signing of S3 keys. The gem is especially
   useful when dealing with a large amount of S3 object keys
 email: