IBM / ibm-cos-sdk-java

IAM Token retrieval in DefaultTokenProvider does not honor provided client settings

everlylfc opened this issue

I was having trouble applying connection timeouts to the overall flow of the code despite providing explicit values for client configuration, which includes a connection timeout setting on the token provider, token manager, and the AmazonS3 client builder.

	private static final int S3_REQUEST_TIMEOUT_MS = 2000;
	private static final int S3_CONNECTION_TIMEOUT_MS = 1000;
	private static final int S3_CLIENT_EXECUTION_TIMEOUT_MS = 15000;
	private static final int S3_MAX_ERROR_RETRY = 5;

	public static AmazonS3 getAmazonS3(final String apiKey, final String endpoint, final String location, final String serviceInstanceId) {
		String iamEndpoint;
		if (endpoint.contains("cloud-object-storage.test.appdomain.cloud") || endpoint.contains("objectstorage.uat")) {
			iamEndpoint = "https://iam.test.cloud.ibm.com/identity/token";
		} else {
			iamEndpoint = "https://iam.cloud.ibm.com/identity/token";
		}

		ClientConfiguration clientConfig = new ClientConfiguration().withRequestTimeout(S3_REQUEST_TIMEOUT_MS).withConnectionTimeout(S3_CONNECTION_TIMEOUT_MS)
				.withClientExecutionTimeout(S3_CLIENT_EXECUTION_TIMEOUT_MS)
				.withRetryPolicy(PredefinedRetryPolicies.getDefaultRetryPolicyWithCustomMaxRetries(S3_MAX_ERROR_RETRY));
		clientConfig.setUseTcpKeepAlive(true);

		final DefaultTokenProvider tokenProvider = new DefaultTokenProvider(apiKey);
		tokenProvider.setHttpClientSettings(HttpClientSettings.adapt(clientConfig));
		tokenProvider.setIamEndpoint(iamEndpoint);
		final DefaultTokenManager tokenManager = new DefaultTokenManager(tokenProvider);
		tokenManager.setIamEndpoint(iamEndpoint);
		tokenManager.setIamMaxRetry(S3_MAX_ERROR_RETRY);
		tokenManager.setClientConfiguration(clientConfig);
		final BasicIBMOAuthCredentials credentials = new BasicIBMOAuthCredentials(tokenManager, serviceInstanceId);

		return AmazonS3ClientBuilder.standard().withIAMEndpoint(iamEndpoint).withCredentials(new AWSStaticCredentialsProvider(credentials))
				.withEndpointConfiguration(new EndpointConfiguration(endpoint, location)).withPathStyleAccessEnabled(true).withClientConfiguration(clientConfig)
				.build();
	}

I pulled the source code and changed this section to explicitly set a request config to test if this was the issue:

	RequestConfig config = RequestConfig.custom().setConnectTimeout(1000).build();
	HttpClient client = builder.setSSLSocketFactory(sslsf).setDefaultRequestConfig(config).build();

With this explicit setting, the behavior was what I was expecting. It seems the token provider is not configured with the client configuration that is provided.

Thank you for your report and investigation. We have an internal ticket tracking this item.

@everlylfc This issue has been resolved in 2.11.1. Please verify and close this ticket.

Closing ticket as resolved.
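
A way to check whether an HTTP client honors its timeout settings, as an added example that is not code from this issue or from the SDK. It uses Apache HttpClient 4.x directly, as the reporter's test change did; `TimeoutProbe`, `probe` and `WATCHDOG_MS` are hypothetical names, and the local listener is a constructed stand-in for an unresponsive token endpoint. It exercises the read (socket) timeout because that can be reproduced offline; the connect timeout is set through the same `RequestConfig`.

```java
import java.net.ServerSocket;
import java.util.concurrent.*;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;

public class TimeoutProbe {
    static final long WATCHDOG_MS = 5000; // ceiling per probe; still blocked after this = hung

    /** Returns milliseconds until the request ended, or -1 if it was still blocked at the watchdog. */
    static long probe(CloseableHttpClient client, String url) throws InterruptedException {
        ExecutorService pool = Executors.newSingleThreadExecutor(r -> {
            Thread t = new Thread(r);
            t.setDaemon(true); // lets the JVM exit even if the request never returns
            return t;
        });
        Callable<Object> request = () -> client.execute(new HttpPost(url));
        long start = System.nanoTime();
        Future<Object> call = pool.submit(request);
        try {
            call.get(WATCHDOG_MS, TimeUnit.MILLISECONDS);
        } catch (ExecutionException e) {
            // The client gave up by itself (SocketTimeoutException expected): timeout honored.
        } catch (TimeoutException e) {
            return -1; // the client's own timeouts never fired
        } finally {
            pool.shutdownNow();
        }
        return (System.nanoTime() - start) / 1_000_000;
    }

    public static void main(String[] args) throws Exception {
        // Constructed stalled endpoint: the OS completes the TCP handshake from the
        // listen backlog, but nothing ever accepts the connection or sends a response.
        try (ServerSocket stalled = new ServerSocket(0)) {
            String url = "http://127.0.0.1:" + stalled.getLocalPort() + "/identity/token";
            RequestConfig cfg = RequestConfig.custom()
                    .setConnectTimeout(1000).setSocketTimeout(2000).build();
            try (CloseableHttpClient bounded = HttpClients.custom().setDefaultRequestConfig(cfg).build();
                 CloseableHttpClient unbounded = HttpClients.createDefault()) {
                System.out.println("explicit RequestConfig: " + probe(bounded, url) + " ms");
                System.out.println("default client: " + probe(unbounded, url) + " ms (-1 = hung)");
            }
        }
    }
}
```

The same watchdog pattern can wrap any call that is expected to fail within a time budget, which makes a missing timeout show up as a test failure instead of a hung thread.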