Update contrib/libs/aws-sdk-cpp to 1.11.37

1 files changed, 57 insertions, 17 deletions

diff --git a/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/auth/AWSCredentialsProvider.cpp b/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/auth/AWSCredentialsProvider.cpp
index bf20ede35e..084e4bca6e 100644
--- a/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/auth/AWSCredentialsProvider.cpp
+++ b/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/auth/AWSCredentialsProvider.cpp
@@ -48,7 +48,7 @@ static const char DEFAULT_CREDENTIALS_FILE[] = "credentials";
 extern const char DEFAULT_CONFIG_FILE[] = "config";
 
 
-static const int EXPIRATION_GRACE_PERIOD = 5 * 1000;
+static const int AWS_CREDENTIAL_PROVIDER_EXPIRATION_GRACE_PERIOD = 5 * 1000;
 
 void AWSCredentialsProvider::Reload()
 {
@@ -183,9 +183,10 @@ AWSCredentials ProfileConfigFileAWSCredentialsProvider::GetAWSCredentials()
 {
     RefreshIfExpired();
     ReaderLockGuard guard(m_reloadLock);
-    auto credsFileProfileIter = m_credentialsFileLoader.GetProfiles().find(m_profileToUse);
+    const Aws::Map<Aws::String, Aws::Config::Profile>& profiles = m_credentialsFileLoader.GetProfiles();
+    auto credsFileProfileIter = profiles.find(m_profileToUse);
 
-    if(credsFileProfileIter != m_credentialsFileLoader.GetProfiles().end())
+    if(credsFileProfileIter != profiles.end())
     {
         return credsFileProfileIter->second.GetCredentials();
     }
@@ -239,37 +240,71 @@ AWSCredentials InstanceProfileCredentialsProvider::GetAWSCredentials()
 {
     RefreshIfExpired();
     ReaderLockGuard guard(m_reloadLock);
+    if (m_ec2MetadataConfigLoader)
+    {
+        const Aws::Map<Aws::String, Aws::Config::Profile> &profiles = m_ec2MetadataConfigLoader->GetProfiles();
+        auto profileIter = profiles.find(Aws::Config::INSTANCE_PROFILE_KEY);
+
+        if (profileIter != profiles.end()) {
+            return profileIter->second.GetCredentials();
+        }
+    }
+    else
+    {
+        AWS_LOGSTREAM_ERROR(INSTANCE_LOG_TAG, "EC2 Metadata config loader is a nullptr");
+    }
+
+    return AWSCredentials();
+}
+
+bool InstanceProfileCredentialsProvider::ExpiresSoon() const
+{
+    ReaderLockGuard guard(m_reloadLock);
     auto profileIter = m_ec2MetadataConfigLoader->GetProfiles().find(Aws::Config::INSTANCE_PROFILE_KEY);
+    AWSCredentials credentials;
 
     if(profileIter != m_ec2MetadataConfigLoader->GetProfiles().end())
     {
-        return profileIter->second.GetCredentials();
+        credentials = profileIter->second.GetCredentials();
     }
 
-    return AWSCredentials();
+    return ((credentials.GetExpiration() - Aws::Utils::DateTime::Now()).count() < AWS_CREDENTIAL_PROVIDER_EXPIRATION_GRACE_PERIOD);
 }
 
 void InstanceProfileCredentialsProvider::Reload()
 {
-    AWS_LOGSTREAM_INFO(INSTANCE_LOG_TAG, "Credentials have expired attempting to repull from EC2 Metadata Service.");
-    m_ec2MetadataConfigLoader->Load();
-    AWSCredentialsProvider::Reload();
+    AWS_LOGSTREAM_INFO(INSTANCE_LOG_TAG, "Credentials have expired attempting to re-pull from EC2 Metadata Service.");
+    if (m_ec2MetadataConfigLoader) {
+        m_ec2MetadataConfigLoader->Load();
+        AWSCredentialsProvider::Reload();
+    } else {
+        AWS_LOGSTREAM_ERROR(INSTANCE_LOG_TAG, "EC2 Metadata config loader is a nullptr");
+    }
 }
 
 void InstanceProfileCredentialsProvider::RefreshIfExpired()
 {
     AWS_LOGSTREAM_DEBUG(INSTANCE_LOG_TAG, "Checking if latest credential pull has expired.");
     ReaderLockGuard guard(m_reloadLock);
-    if (!IsTimeToRefresh(m_loadFrequencyMs))
-    {
-        return;
-    }
+    auto profileIter = m_ec2MetadataConfigLoader->GetProfiles().find(Aws::Config::INSTANCE_PROFILE_KEY);
+    AWSCredentials credentials;
 
-    guard.UpgradeToWriterLock();
-    if (!IsTimeToRefresh(m_loadFrequencyMs)) // double-checked lock to avoid refreshing twice
+    if(profileIter != m_ec2MetadataConfigLoader->GetProfiles().end())
     {
-        return;
+        credentials = profileIter->second.GetCredentials();
+
+        if (!credentials.IsEmpty() && !IsTimeToRefresh(m_loadFrequencyMs) && !ExpiresSoon())
+        {
+            return;
+        }
+
+        guard.UpgradeToWriterLock();
+        if (!credentials.IsEmpty() && !IsTimeToRefresh(m_loadFrequencyMs) && !ExpiresSoon()) // double-checked lock to avoid refreshing twice
+        {
+            return;
+        }
     }
+
     Reload();
 }
 
@@ -306,12 +341,17 @@ AWSCredentials TaskRoleCredentialsProvider::GetAWSCredentials()
 
 bool TaskRoleCredentialsProvider::ExpiresSoon() const
 {
-    return ((m_credentials.GetExpiration() - Aws::Utils::DateTime::Now()).count() < EXPIRATION_GRACE_PERIOD);
+    return ((m_credentials.GetExpiration() - Aws::Utils::DateTime::Now()).count() < AWS_CREDENTIAL_PROVIDER_EXPIRATION_GRACE_PERIOD);
 }
 
 void TaskRoleCredentialsProvider::Reload()
 {
-    AWS_LOGSTREAM_INFO(TASK_ROLE_LOG_TAG, "Credentials have expired or will expire, attempting to repull from ECS IAM Service.");
+    AWS_LOGSTREAM_INFO(TASK_ROLE_LOG_TAG, "Credentials have expired or will expire, attempting to re-pull from ECS IAM Service.");
+    if (!m_ecsCredentialsClient)
+    {
+        AWS_LOGSTREAM_ERROR(INSTANCE_LOG_TAG, "ECS Credentials client is a nullptr");
+        return;
+    }
 
     auto credentialsStr = m_ecsCredentialsClient->GetECSCredentials();
     if (credentialsStr.empty()) return;