enable defaultAwsCredentialChain when botoCfgPath is neglected
waziqi89 committed Mar 20, 2024
1 parent 5637580 commit 67a201c
Showing 3 changed files with 46 additions and 40 deletions.
4 changes: 2 additions & 2 deletions docs/server_configuration.rst
Expand Up @@ -83,8 +83,8 @@ Example server configuration

* - botoCfgPath
- str
- Path to AWS credentials (if using S3 for remote storage)
- `<DEFAULT_USER_DIR> <https://github.com/Yelp/nrtsearch/blob/f612f5d3e14e468ab8c9b45dd4be0ab84231b9de/src/main/java/com/yelp/nrtsearch/server/config/LuceneServerConfiguration.java#L35>`_/boto.cfg
- Path to AWS credentials (if using S3 for remote storage); Will use the DefaultAWSCredentialsProviderChain if omitted.
- null

* - archiveDirectory
- str
Expand Up @@ -44,8 +44,6 @@ public class LuceneServerConfiguration {
Paths.get(System.getProperty("user.home"), "lucene", "server");
public static final Path DEFAULT_ARCHIVER_DIR =
Paths.get(DEFAULT_USER_DIR.toString(), "archiver");
public static final Path DEFAULT_BOTO_CFG_PATH =
Paths.get(DEFAULT_USER_DIR.toString(), "boto.cfg");
public static final Path DEFAULT_STATE_DIR =
Paths.get(DEFAULT_USER_DIR.toString(), "default_state");
public static final Path DEFAULT_INDEX_DIR =
Expand Down Expand Up @@ -137,7 +135,7 @@ public LuceneServerConfiguration(InputStream yamlStream) {
stateDir = configReader.getString("stateDir", DEFAULT_STATE_DIR.toString());
indexDir = configReader.getString("indexDir", DEFAULT_INDEX_DIR.toString());
archiveDirectory = configReader.getString("archiveDirectory", DEFAULT_ARCHIVER_DIR.toString());
botoCfgPath = configReader.getString("botoCfgPath", DEFAULT_BOTO_CFG_PATH.toString());
botoCfgPath = configReader.getString("botoCfgPath", null);
bucketName = configReader.getString("bucketName", DEFAULT_BUCKET_NAME);
maxS3ClientRetries =
configReader.getInteger("maxS3ClientRetries", DEFAULT_MAX_S3_CLIENT_RETRIES);
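Review bot: Defaulting `botoCfgPath` to `null` in the constructor hunk makes `getBotoCfgPath()` nullable and changes what an existing config without that key means, and neither is stated next to the assignment. Judging by the lines removed from S3Module in this commit, an unset path used to yield an anonymous client against a dummy endpoint; the same config now resolves ambient AWS credentials and queries the bucket location when the S3 client is provided. I would add a comment on the line, e.g. `// null: S3Module falls back to DefaultAWSCredentialsProviderChain (ambient credentials)`, and document the nullable return on the getter, which is outside this section. Removing the public `DEFAULT_BOTO_CFG_PATH` constant in the first hunk may also break code outside this repository that referenced it. Both hunks show only part of their enclosing class and constructor.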
78 changes: 43 additions & 35 deletions src/main/java/com/yelp/nrtsearch/server/module/S3Module.java
Expand Up @@ -17,16 +17,15 @@

import com.amazonaws.ClientConfiguration;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.AnonymousAWSCredentials;
import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
import com.amazonaws.auth.profile.ProfileCredentialsProvider;
import com.amazonaws.auth.profile.ProfilesConfigFile;
import com.amazonaws.client.builder.AwsClientBuilder;
import com.amazonaws.client.builder.AwsClientBuilder.EndpointConfiguration;
import com.amazonaws.retry.PredefinedRetryPolicies;
import com.amazonaws.retry.RetryPolicy;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
import com.amazonaws.services.s3.model.AmazonS3Exception;
import com.google.inject.AbstractModule;
import com.google.inject.Inject;
import com.google.inject.Provides;
Expand All @@ -44,21 +43,30 @@ public class S3Module extends AbstractModule {
@Singleton
@Provides
protected AmazonS3 providesAmazonS3(LuceneServerConfiguration luceneServerConfiguration) {
if (luceneServerConfiguration
.getBotoCfgPath()
.equals(LuceneServerConfiguration.DEFAULT_BOTO_CFG_PATH.toString())) {
return AmazonS3ClientBuilder.standard()
.withCredentials(new AWSStaticCredentialsProvider(new AnonymousAWSCredentials()))
.withEndpointConfiguration(
new AwsClientBuilder.EndpointConfiguration("dummyService", "dummyRegion"))
.build();
AWSCredentialsProvider awsCredentialsProvider;
if (luceneServerConfiguration.getBotoCfgPath() == null) {
awsCredentialsProvider = new DefaultAWSCredentialsProviderChain();
} else {
Path botoCfgPath = Paths.get(luceneServerConfiguration.getBotoCfgPath());
final ProfilesConfigFile profilesConfigFile = new ProfilesConfigFile(botoCfgPath.toFile());
final AWSCredentialsProvider awsCredentialsProvider =
new ProfileCredentialsProvider(profilesConfigFile, "default");
awsCredentialsProvider = new ProfileCredentialsProvider(profilesConfigFile, "default");
}
final boolean globalBucketAccess = luceneServerConfiguration.getEnableGlobalBucketAccess();

AmazonS3ClientBuilder clientBuilder =
AmazonS3ClientBuilder.standard()
.withCredentials(awsCredentialsProvider)
.withForceGlobalBucketAccessEnabled(globalBucketAccess);
try {
// Always use US_Standard for getBucketLocation.
// The running environment might not be within AWS, and the region may not be resolvable from
// https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/regions/providers/DefaultAwsRegionProviderChain.html
AmazonS3 s3ClientInterim =
AmazonS3ClientBuilder.standard().withCredentials(awsCredentialsProvider).build();
AmazonS3ClientBuilder.standard()
.withRegion("us-east-1")
.withCredentials(awsCredentialsProvider)
.withForceGlobalBucketAccessEnabled(globalBucketAccess)
.build();
String region = s3ClientInterim.getBucketLocation(luceneServerConfiguration.getBucketName());
// In useast-1, the region is returned as "US" which is an equivalent to "us-east-1"
// https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/s3/model/Region.html#US_Standard
Expand All @@ -68,28 +76,28 @@ protected AmazonS3 providesAmazonS3(LuceneServerConfiguration luceneServerConfig
}
String serviceEndpoint = String.format("s3.%s.amazonaws.com", region);
logger.info(String.format("S3 ServiceEndpoint: %s", serviceEndpoint));
AmazonS3ClientBuilder clientBuilder =
AmazonS3ClientBuilder.standard()
.withCredentials(awsCredentialsProvider)
.withEndpointConfiguration(new EndpointConfiguration(serviceEndpoint, region));

int maxRetries = luceneServerConfiguration.getMaxS3ClientRetries();
if (maxRetries > 0) {
RetryPolicy retryPolicy =
new RetryPolicy(
PredefinedRetryPolicies.DEFAULT_RETRY_CONDITION,
PredefinedRetryPolicies.DEFAULT_BACKOFF_STRATEGY,
maxRetries,
true);
ClientConfiguration clientConfiguration =
new ClientConfiguration().withRetryPolicy(retryPolicy);
clientBuilder.setClientConfiguration(clientConfiguration);
}
clientBuilder.withEndpointConfiguration(new EndpointConfiguration(serviceEndpoint, region));
} catch (AmazonS3Exception amazonS3Exception) {
logger.warn(
"failed to get the location of S3 bucket: "
+ luceneServerConfiguration.getBucketName()
+ ". This could be caused by invalid credentials or invalid bucket name.",
amazonS3Exception);
}

if (luceneServerConfiguration.getEnableGlobalBucketAccess()) {
clientBuilder.enableForceGlobalBucketAccess();
}
return clientBuilder.build();
int maxRetries = luceneServerConfiguration.getMaxS3ClientRetries();
if (maxRetries > 0) {
RetryPolicy retryPolicy =
new RetryPolicy(
PredefinedRetryPolicies.DEFAULT_RETRY_CONDITION,
PredefinedRetryPolicies.DEFAULT_BACKOFF_STRATEGY,
maxRetries,
true);
ClientConfiguration clientConfiguration =
new ClientConfiguration().withRetryPolicy(retryPolicy);
clientBuilder.setClientConfiguration(clientConfiguration);
}

return clientBuilder.build();
}
}
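Review bot: The new `catch (AmazonS3Exception amazonS3Exception)` around `getBucketLocation` in `providesAmazonS3` covers service-side rejections only. When `botoCfgPath` is omitted and `DefaultAWSCredentialsProviderChain` resolves no credentials, the SDK raises a client-side `SdkClientException`, a supertype of `AmazonS3Exception`, which escapes this handler and fails provisioning of the singleton. The removed branch gave such unconfigured servers an anonymous client, so either widen the handler to `catch (SdkClientException e)` or fail with an explicit message that no credentials were resolved. On the path that does reach the handler, `clientBuilder` has neither region nor endpoint set, so `clientBuilder.build()` depends on the region provider chain that the in-code comment says may not resolve; a fallback such as `clientBuilder.withRegion("us-east-1");` in the catch block would make that path deterministic. Because the default chain inherits whatever identity the host or container exposes, a comment or doc line stating that this role should be scoped to the configured bucket would help operators.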
