From 6df253b7cb1bb04d8fa847106b60ff190f23235b Mon Sep 17 00:00:00 2001
From: Even Rouault
Date: Fri, 7 Jun 2019 20:50:53 +0200
Subject: [PATCH] /vsis3/: for a long living file handle, refresh credentials coming from EC2/AIM (fixes #1593)
---
 gdal/port/cpl_aws.cpp | 30 +++++++++++++++++++++++++-----
 gdal/port/cpl_aws.h | 12 +++++++-----
 2 files changed, 32 insertions(+), 10 deletions(-)
diff --git a/gdal/port/cpl_aws.cpp b/gdal/port/cpl_aws.cpp
index 68ad6422d369..6b90a860ca1e 100644
--- a/gdal/port/cpl_aws.cpp
+++ b/gdal/port/cpl_aws.cpp
@@ -380,7 +380,8 @@ VSIS3HandleHelper::VSIS3HandleHelper( const CPLString& osSecretAccessKey,
 const CPLString& osBucket,
 const CPLString& osObjectKey,
 bool bUseHTTPS,
- bool bUseVirtualHosting ) :
+ bool bUseVirtualHosting,
+ bool bFromEC2 ) :
 m_osURL(BuildURL(osEndpoint, osBucket, osObjectKey, bUseHTTPS, bUseVirtualHosting)),
 m_osSecretAccessKey(osSecretAccessKey),
@@ -392,7 +393,8 @@ VSIS3HandleHelper::VSIS3HandleHelper( const CPLString& osSecretAccessKey,
 m_osBucket(osBucket),
 m_osObjectKey(osObjectKey),
 m_bUseHTTPS(bUseHTTPS),
- m_bUseVirtualHosting(bUseVirtualHosting)
+ m_bUseVirtualHosting(bUseVirtualHosting),
+ m_bFromEC2(bFromEC2)
 {}
 /************************************************************************/
@@ -969,8 +971,11 @@ bool VSIS3HandleHelper::GetConfiguration(CSLConstList papszOptions,
 CPLString& osSecretAccessKey,
 CPLString& osAccessKeyId,
 CPLString& osSessionToken,
- CPLString& osRegion)
+ CPLString& osRegion,
+ bool& bFromEC2)
 {
+ bFromEC2 = false;
+
 // AWS_REGION is GDAL specific. Later overloaded by standard
 // AWS_DEFAULT_REGION
 osRegion = CSLFetchNameValueDef(papszOptions, "AWS_REGION",
@@ -1017,6 +1022,7 @@ bool VSIS3HandleHelper::GetConfiguration(CSLConstList papszOptions,
 if( GetConfigurationFromEC2(osSecretAccessKey, osAccessKeyId, osSessionToken) )
 {
+ bFromEC2 = true;
 return true;
 }
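Review bot: bFromEC2 is appended to the constructor as a third consecutive positional `bool`, after bUseHTTPS and bUseVirtualHosting (the matching declaration is in the last cpl_aws.h hunk). A call site that transposes two of them still compiles, and would silently change the URL style or whether credentials are refreshed. Naming the argument at the call in BuildFromURI, `bUseVirtualHosting, /* bFromEC2 = */ bFromEC2);`, keeps the intent visible without changing the interface. The constructor's parameter list and initializer list start and end outside this hunk.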
@@ -1066,9 +1072,10 @@ VSIS3HandleHelper* VSIS3HandleHelper::BuildFromURI( const char* pszURI,
 CPLString osAccessKeyId;
 CPLString osSessionToken;
 CPLString osRegion;
+ bool bFromEC2 = false;
 if( !GetConfiguration(papszOptions, osSecretAccessKey, osAccessKeyId,
- osSessionToken, osRegion) )
+ osSessionToken, osRegion, bFromEC2) )
 {
 return nullptr;
 }
@@ -1107,7 +1114,7 @@ VSIS3HandleHelper* VSIS3HandleHelper::BuildFromURI( const char* pszURI,
 osEndpoint, osRegion, osRequestPayer, osBucket, osObjectKey, bUseHTTPS,
- bUseVirtualHosting);
+ bUseVirtualHosting, bFromEC2);
 }
 /************************************************************************/
@@ -1166,6 +1173,19 @@ VSIS3HandleHelper::GetCurlHeaders( const CPLString& osVerb,
 const void *pabyDataContent,
 size_t nBytesContent ) const
 {
+ if( m_bFromEC2 )
+ {
+ CPLString osSecretAccessKey, osAccessKeyId, osSessionToken;
+ if( GetConfigurationFromEC2(osSecretAccessKey,
+ osAccessKeyId,
+ osSessionToken) )
+ {
+ m_osSecretAccessKey = osSecretAccessKey;
+ m_osAccessKeyId = osAccessKeyId;
+ m_osSessionToken = osSessionToken;
+ }
+ }
+
 CPLString osXAMZDate = CPLGetConfigOption("AWS_TIMESTAMP", "");
 if( osXAMZDate.empty() )
 osXAMZDate = CPLGetAWS_SIGN4_Timestamp();
diff --git a/gdal/port/cpl_aws.h b/gdal/port/cpl_aws.h
index 269fe77ddc70..0ef6b7f796d9 100644
--- a/gdal/port/cpl_aws.h
+++ b/gdal/port/cpl_aws.h
@@ -128,9 +128,9 @@ class VSIS3HandleHelper final: public IVSIS3LikeHandleHelper
 CPL_DISALLOW_COPY_ASSIGN(VSIS3HandleHelper)
 CPLString m_osURL{};
- CPLString m_osSecretAccessKey{};
- CPLString m_osAccessKeyId{};
- CPLString m_osSessionToken{};
+ mutable CPLString m_osSecretAccessKey{};
+ mutable CPLString m_osAccessKeyId{};
+ mutable CPLString m_osSessionToken{};
 CPLString m_osEndpoint{};
 CPLString m_osRegion{};
 CPLString m_osRequestPayer{};
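Review bot: The refresh block added at the top of GetCurlHeaders() assigns m_osSecretAccessKey, m_osAccessKeyId and m_osSessionToken one after another from a const method, with no lock visible in this hunk. If one helper can be reached from two threads, a request could be signed with a mix of old and new key, id and token. The block also runs on every header build; whether GetConfigurationFromEC2() caches until expiry is not visible here, and if it does not, each S3 request adds a metadata-service round trip. A failed refresh is silent and leaves the previous, possibly expired, credentials in use; an `else CPLDebug("S3", "Could not refresh EC2 credentials, keeping previous ones");` branch would make a later authorization failure diagnosable without logging any secret. The function body continues outside the hunk.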
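Review bot: Marking the three credential members `mutable` in cpl_aws.h removes the compiler's guarantee that const methods leave the signing secrets untouched, and the declaration does not say why. A comment above them such as `// mutable: refreshed by GetCurlHeaders() const when m_bFromEC2 is true` would record the single intended writer. If the helper is not meant to be shared between threads, stating that in the same comment would document the assumption the refresh relies on. The class body starts and ends outside the hunk.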
@@ -138,6 +138,7 @@ class VSIS3HandleHelper final: public IVSIS3LikeHandleHelper
 CPLString m_osObjectKey{};
 bool m_bUseHTTPS = false;
 bool m_bUseVirtualHosting = false;
+ bool m_bFromEC2 = false;
 void RebuildURL() override;
@@ -156,7 +157,8 @@ class VSIS3HandleHelper final: public IVSIS3LikeHandleHelper
 CPLString& osSecretAccessKey,
 CPLString& osAccessKeyId,
 CPLString& osSessionToken,
- CPLString& osRegion);
+ CPLString& osRegion,
+ bool& bFromEC2);
 protected:
 public:
@@ -168,7 +170,7 @@ class VSIS3HandleHelper final: public IVSIS3LikeHandleHelper
 const CPLString& osRequestPayer,
 const CPLString& osBucket,
 const CPLString& osObjectKey,
- bool bUseHTTPS, bool bUseVirtualHosting);
+ bool bUseHTTPS, bool bUseVirtualHosting, bool bFromEC2);
 ~VSIS3HandleHelper();
 static VSIS3HandleHelper* BuildFromURI(const char* pszURI,