/vsis3/: for a long living file handle, refresh credentials coming fr…
…om EC2/AIM (fixes #1593)
rouault committed Jun 19, 2019
1 parent f2582da commit 6df253b
Showing 2 changed files with 32 additions and 10 deletions.
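--- a/gdal/port/cpl_aws.cpp
+++ b/gdal/port/cpl_aws.cpp
@@ -380,7 +380,8 @@ VSIS3HandleHelper::VSIS3HandleHelper( const CPLString& osSecretAccessKey,
 const CPLString& osBucket,
 const CPLString& osObjectKey,
 bool bUseHTTPS,
-bool bUseVirtualHosting ) :
+bool bUseVirtualHosting,
+bool bFromEC2 ) :
 m_osURL(BuildURL(osEndpoint, osBucket, osObjectKey, bUseHTTPS,
 bUseVirtualHosting)),
 m_osSecretAccessKey(osSecretAccessKey),
@@ -392,7 +393,8 @@ VSIS3HandleHelper::VSIS3HandleHelper( const CPLString& osSecretAccessKey,
 m_osBucket(osBucket),
 m_osObjectKey(osObjectKey),
 m_bUseHTTPS(bUseHTTPS),
-m_bUseVirtualHosting(bUseVirtualHosting)
+m_bUseVirtualHosting(bUseVirtualHosting),
+m_bFromEC2(bFromEC2)
 {}
 
 /************************************************************************/
@@ -969,8 +971,11 @@ bool VSIS3HandleHelper::GetConfiguration(CSLConstList papszOptions,
 CPLString& osSecretAccessKey,
 CPLString& osAccessKeyId,
 CPLString& osSessionToken,
-CPLString& osRegion)
+CPLString& osRegion,
+bool& bFromEC2)
 {
+bFromEC2 = false;
+
 // AWS_REGION is GDAL specific. Later overloaded by standard
 // AWS_DEFAULT_REGION
 osRegion = CSLFetchNameValueDef(papszOptions, "AWS_REGION",
@@ -1017,6 +1022,7 @@ bool VSIS3HandleHelper::GetConfiguration(CSLConstList papszOptions,
 if( GetConfigurationFromEC2(osSecretAccessKey, osAccessKeyId,
 osSessionToken) )
 {
+bFromEC2 = true;
 return true;
 }
 
@@ -1066,9 +1072,10 @@ VSIS3HandleHelper* VSIS3HandleHelper::BuildFromURI( const char* pszURI,
 CPLString osAccessKeyId;
 CPLString osSessionToken;
 CPLString osRegion;
+bool bFromEC2 = false;
 if( !GetConfiguration(papszOptions,
 osSecretAccessKey, osAccessKeyId,
-osSessionToken, osRegion) )
+osSessionToken, osRegion, bFromEC2) )
 {
 return nullptr;
 }
@@ -1107,7 +1114,7 @@ VSIS3HandleHelper* VSIS3HandleHelper::BuildFromURI( const char* pszURI,
 osEndpoint, osRegion,
 osRequestPayer,
 osBucket, osObjectKey, bUseHTTPS,
-bUseVirtualHosting);
+bUseVirtualHosting, bFromEC2);
 }
 
 /************************************************************************/
@@ -1166,6 +1173,19 @@ VSIS3HandleHelper::GetCurlHeaders( const CPLString& osVerb,
 const void *pabyDataContent,
 size_t nBytesContent ) const
 {
+if( m_bFromEC2 )
+{
+CPLString osSecretAccessKey, osAccessKeyId, osSessionToken;
+if( GetConfigurationFromEC2(osSecretAccessKey,
+osAccessKeyId,
+osSessionToken) )
+{
+m_osSecretAccessKey = osSecretAccessKey;
+m_osAccessKeyId = osAccessKeyId;
+m_osSessionToken = osSessionToken;
+}
+}
+
 CPLString osXAMZDate = CPLGetConfigOption("AWS_TIMESTAMP", "");
 if( osXAMZDate.empty() )
 osXAMZDate = CPLGetAWS_SIGN4_Timestamp();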
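Review bot: The refresh block added at the top of GetCurlHeaders() rewrites m_osSecretAccessKey, m_osAccessKeyId and m_osSessionToken from a const method with no lock, so if one helper is ever used from two threads a request could be signed with a key and a session token from different credential generations. Whether helpers are shared across threads is not visible in this hunk, so either state the single-thread assumption in a comment or guard the three assignments as one unit. When GetConfigurationFromEC2() returns false the old credentials are kept silently and the request will presumably fail later with an expired-token error that is hard to trace back; an else branch with `CPLDebug("S3", "Cannot refresh EC2 credentials, reusing previous ones");` would help, and it must not print any of the three values. It is also worth confirming that GetConfigurationFromEC2() caches until expiry, since otherwise every signed request now queries the credential endpoint. The body of GetCurlHeaders() continues outside the hunk.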
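--- a/gdal/port/cpl_aws.h
+++ b/gdal/port/cpl_aws.h
@@ -128,16 +128,17 @@ class VSIS3HandleHelper final: public IVSIS3LikeHandleHelper
 CPL_DISALLOW_COPY_ASSIGN(VSIS3HandleHelper)
 
 CPLString m_osURL{};
-CPLString m_osSecretAccessKey{};
-CPLString m_osAccessKeyId{};
-CPLString m_osSessionToken{};
+mutable CPLString m_osSecretAccessKey{};
+mutable CPLString m_osAccessKeyId{};
+mutable CPLString m_osSessionToken{};
 CPLString m_osEndpoint{};
 CPLString m_osRegion{};
 CPLString m_osRequestPayer{};
 CPLString m_osBucket{};
 CPLString m_osObjectKey{};
 bool m_bUseHTTPS = false;
 bool m_bUseVirtualHosting = false;
+bool m_bFromEC2 = false;
 
 void RebuildURL() override;
 
@@ -156,7 +157,8 @@ class VSIS3HandleHelper final: public IVSIS3LikeHandleHelper
 CPLString& osSecretAccessKey,
 CPLString& osAccessKeyId,
 CPLString& osSessionToken,
-CPLString& osRegion);
+CPLString& osRegion,
+bool& bFromEC2);
 protected:
 
 public:
@@ -168,7 +170,7 @@ class VSIS3HandleHelper final: public IVSIS3LikeHandleHelper
 const CPLString& osRequestPayer,
 const CPLString& osBucket,
 const CPLString& osObjectKey,
-bool bUseHTTPS, bool bUseVirtualHosting);
+bool bUseHTTPS, bool bUseVirtualHosting, bool bFromEC2);
 ~VSIS3HandleHelper();
 
 static VSIS3HandleHelper* BuildFromURI(const char* pszURI,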
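Review bot: The three credential members become `mutable` with no comment saying why, and that keyword is the only hint in the header that a const method can replace the keys a helper signs with. A line such as `// mutable: refreshed inside the const GetCurlHeaders() when m_bFromEC2 is set` above them, and `// true when the credentials were obtained through GetConfigurationFromEC2()` on m_bFromEC2, would record the intent for the next reader. The constructor now takes three adjacent positional bools (`bUseHTTPS, bUseVirtualHosting, bFromEC2`), which are easy to pass in the wrong order without any compiler diagnostic; a short comment at the declaration naming each one would reduce that risk. The class body starts and ends outside these hunks.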
