Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Port Web Identity Credential Provider to V2 #338

Closed
jasdel opened this issue Jul 10, 2019 · 4 comments · Fixed by #488 or #507
Closed

Port Web Identity Credential Provider to V2 #338

jasdel opened this issue Jul 10, 2019 · 4 comments · Fixed by #488 or #507
Labels
v1-sync

Comments

@jasdel
Copy link
Contributor

jasdel commented Jul 10, 2019

Port the V1's Web identity credential provider, and shared config refactors to the V2 SDK,

aws/aws-sdk-go#2667
@jasdel jasdel added the v1-sync label Jul 10, 2019
@nlowe
Copy link
Contributor

nlowe commented Sep 26, 2019

Is this something you would accept a pull request for? We're looking to try out Fine-Grained IAM Roles for Service Accounts in EKS with the v2 SDK and I'm pretty sure this has to be implemented first.

@jasdel
Copy link
Contributor Author

jasdel commented Sep 26, 2019
edited
Loading

Hi @nlowe we'd be glad to review PRs for this issue. The V2 SDK's credential loader does have a backlog planned refactor that would enabling chaining of credentials like the v1 SDK, #268 that would impact the usage of this credential provider in the SDK's default configuration loading.

@goswamig
Copy link
Member

@nlowe do you have any work around or pull request for this issue ?

@nlowe
Copy link
Contributor

nlowe commented Nov 12, 2019

I have a basic proof of concept somewhere but I haven't had the time to throw together a proper pull request yet.

@skmcgrail skmcgrail linked a pull request Feb 7, 2020 that will close this issue
Port Shared Config Improvements & Credential Providers #488
Merged
6 tasks
skmcgrail added a commit to skmcgrail/aws-sdk-go-v2 that referenced this issue Mar 17, 2020
@skmcgrail
Release v0.20.0 (2020-03-17)
3fb24bf 
Breaking Change
---
* Update SDK retry behavior
  * Significant updates were made the SDK's retry behavior. The SDK will now retry all connections error. In addition, to changing what errors are retried the SDK's retry behavior not distinguish the difference between throttling errors, and regular retryable errors. All errors will be retried with the same backoff jitter delay scaling.
  * The SDK will attempt an operation request 3 times by default. This is one less than the previous initial request with 3 retires.
  * New helper functions in the new `aws/retry` package allow wrapping a `Retrier` with custom behavior, overriding the base `Retrier`, (e.g. `AddWithErrorCodes`, and `AddWithMaxAttempts`)
* Update SDK error handling
  * Updates the SDK's handling of errors to take advantage of Go 1.13's new `errors.As`, `Is`, and `Unwrap`. The SDK's errors were updated to satisfy the `Unwrap` interface, returning the underlying error.
  * With this update, you can now more easily access the SDK's layered errors, and meaningful state such as, `Timeout`, `Temporary`, and other states added to the SDK such as `CanceledError`.
* Bump SDK minimum supported version from Go 1.12 to Go 1.13
  * The SDK's minimum supported version is bumped to take advantage of Go 1.13's updated `errors` package.

Services
---
* Synced the V2 SDK with latest AWS service API definitions.

SDK Features
---
* `aws`: Add Support for additional credential providers and credential configuration chaining ([aws#488](aws#488))
  * `aws/processcreds`: Adds Support for the Process Credential Provider
    * Fixes [aws#249](aws#249)
  * `aws/stscreds`: Adds Support for the Web Identity Credential Provider
    * Fixes [aws#475](aws#475)
    * Fixes [aws#338](aws#338)
  * Adds Support for `credential_source`
    * Fixes [aws#274](aws#274)
* `aws/awserr`: Adds support for Go 1.13's `errors.Unwrap` ([aws#487](aws#487))
* `aws`: Updates SDK retry behavior ([aws#487](aws#487))
  * `aws/retry`: New package defining logic to determine if a request should be retried, and backoff.
  * `aws/ratelimit`: New package defining rate limit logic such as token bucket used by the `retry.Standard` retrier.

SDK Enhancements
---
* `aws`: Add grouping of concurrent refresh of credentials ([aws#503](aws#503)
  * Concurrent calls to `Retrieve` are now grouped in order to prevent numerous synchronous calls to refresh the credentials. Replacing the mutex with a singleflight reduces the overall amount of time request signatures need to wait while retrieving credentials. This is improvement becomes pronounced when many requests are made concurrently.
* `service/s3/s3manager`: Improve memory allocation behavior by replacing sync.Pool with custom pool implementation
  * Improves memory allocations that occur when the provided `io.Reader` to upload does not satisfy both the `io.ReaderAt` and `io.ReadSeeker` interfaces.

SDK Bugs
---
* `service/s3/s3manager`: Fix resource leaks when the following occurred:
  * Failed CreateMultipartUpload call
  * Failed UploadPart call
@skmcgrail skmcgrail mentioned this issue Mar 17, 2020
Merged
skmcgrail added a commit to skmcgrail/aws-sdk-go-v2 that referenced this issue Mar 17, 2020
@skmcgrail
Release v0.20.0 (2020-03-17)
dd25caf 
Breaking Change
---
* Update SDK retry behavior
  * Significant updates were made the SDK's retry behavior. The SDK will now retry all connections error. In addition, to changing what errors are retried the SDK's retry behavior not distinguish the difference between throttling errors, and regular retryable errors. All errors will be retried with the same backoff jitter delay scaling.
  * The SDK will attempt an operation request 3 times by default. This is one less than the previous initial request with 3 retires.
  * New helper functions in the new `aws/retry` package allow wrapping a `Retrier` with custom behavior, overriding the base `Retrier`, (e.g. `AddWithErrorCodes`, and `AddWithMaxAttempts`)
* Update SDK error handling
  * Updates the SDK's handling of errors to take advantage of Go 1.13's new `errors.As`, `Is`, and `Unwrap`. The SDK's errors were updated to satisfy the `Unwrap` interface, returning the underlying error.
  * With this update, you can now more easily access the SDK's layered errors, and meaningful state such as, `Timeout`, `Temporary`, and other states added to the SDK such as `CanceledError`.
* Bump SDK minimum supported version from Go 1.12 to Go 1.13
  * The SDK's minimum supported version is bumped to take advantage of Go 1.13's updated `errors` package.

Services
---
* Synced the V2 SDK with latest AWS service API definitions.

SDK Features
---
* `aws`: Add Support for additional credential providers and credential configuration chaining ([aws#488](aws#488))
  * `aws/processcreds`: Adds Support for the Process Credential Provider
    * Fixes [aws#249](aws#249)
  * `aws/stscreds`: Adds Support for the Web Identity Credential Provider
    * Fixes [aws#475](aws#475)
    * Fixes [aws#338](aws#338)
  * Adds Support for `credential_source`
    * Fixes [aws#274](aws#274)
* `aws/awserr`: Adds support for Go 1.13's `errors.Unwrap` ([aws#487](aws#487))
* `aws`: Updates SDK retry behavior ([aws#487](aws#487))
  * `aws/retry`: New package defining logic to determine if a request should be retried, and backoff.
  * `aws/ratelimit`: New package defining rate limit logic such as token bucket used by the `retry.Standard` retrier.

SDK Enhancements
---
* `aws`: Add grouping of concurrent refresh of credentials ([aws#503](aws#503))
  * Concurrent calls to `Retrieve` are now grouped in order to prevent numerous synchronous calls to refresh the credentials. Replacing the mutex with a singleflight reduces the overall amount of time request signatures need to wait while retrieving credentials. This is improvement becomes pronounced when many requests are made concurrently.
* `service/s3/s3manager`: Improve memory allocation behavior by replacing sync.Pool with custom pool implementation
  * Improves memory allocations that occur when the provided `io.Reader` to upload does not satisfy both the `io.ReaderAt` and `io.ReadSeeker` interfaces.

SDK Bugs
---
* `service/s3/s3manager`: Fix resource leaks when the following occurred:
  * Failed CreateMultipartUpload call
  * Failed UploadPart call
skmcgrail added a commit that referenced this issue Mar 17, 2020
@skmcgrail
Release v0.20.0 (2020-03-17) (#507)
2930532 
Breaking Change
---
* Update SDK retry behavior
  * Significant updates were made the SDK's retry behavior. The SDK will now retry all connections error. In addition, to changing what errors are retried the SDK's retry behavior not distinguish the difference between throttling errors, and regular retryable errors. All errors will be retried with the same backoff jitter delay scaling.
  * The SDK will attempt an operation request 3 times by default. This is one less than the previous initial request with 3 retires.
  * New helper functions in the new `aws/retry` package allow wrapping a `Retrier` with custom behavior, overriding the base `Retrier`, (e.g. `AddWithErrorCodes`, and `AddWithMaxAttempts`)
* Update SDK error handling
  * Updates the SDK's handling of errors to take advantage of Go 1.13's new `errors.As`, `Is`, and `Unwrap`. The SDK's errors were updated to satisfy the `Unwrap` interface, returning the underlying error.
  * With this update, you can now more easily access the SDK's layered errors, and meaningful state such as, `Timeout`, `Temporary`, and other states added to the SDK such as `CanceledError`.
* Bump SDK minimum supported version from Go 1.12 to Go 1.13
  * The SDK's minimum supported version is bumped to take advantage of Go 1.13's updated `errors` package.

Services
---
* Synced the V2 SDK with latest AWS service API definitions.

SDK Features
---
* `aws`: Add Support for additional credential providers and credential configuration chaining ([#488](#488))
  * `aws/processcreds`: Adds Support for the Process Credential Provider
    * Fixes [#249](#249)
  * `aws/stscreds`: Adds Support for the Web Identity Credential Provider
    * Fixes [#475](#475)
    * Fixes [#338](#338)
  * Adds Support for `credential_source`
    * Fixes [#274](#274)
* `aws/awserr`: Adds support for Go 1.13's `errors.Unwrap` ([#487](#487))
* `aws`: Updates SDK retry behavior ([#487](#487))
  * `aws/retry`: New package defining logic to determine if a request should be retried, and backoff.
  * `aws/ratelimit`: New package defining rate limit logic such as token bucket used by the `retry.Standard` retrier.

SDK Enhancements
---
* `aws`: Add grouping of concurrent refresh of credentials ([#503](#503))
  * Concurrent calls to `Retrieve` are now grouped in order to prevent numerous synchronous calls to refresh the credentials. Replacing the mutex with a singleflight reduces the overall amount of time request signatures need to wait while retrieving credentials. This is improvement becomes pronounced when many requests are made concurrently.
* `service/s3/s3manager`: Improve memory allocation behavior by replacing sync.Pool with custom pool implementation
  * Improves memory allocations that occur when the provided `io.Reader` to upload does not satisfy both the `io.ReaderAt` and `io.ReadSeeker` interfaces.

SDK Bugs
---
* `service/s3/s3manager`: Fix resource leaks when the following occurred:
  * Failed CreateMultipartUpload call
  * Failed UploadPart call
@errordeveloper errordeveloper mentioned this issue Nov 16, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
v1-sync
Projects
None yet
Milestone
No milestone
3 participants
@nlowe @jasdel @goswamig