aws / aws-sdk-java-v2

The official AWS SDK for Java - Version 2
Apache License 2.0
2.2k stars 846 forks source link

DataSync - Provided HttpClient not used in default sts client #2271

Open kacperfronc opened 3 years ago

kacperfronc commented 3 years ago

Okay, so I think this is a bug, because it doesn't make a lot of sense. I need to use proxy, so when creating DataSyncAsyncClient I'm providing my custom httpClient, where I set proxy configuration. I'm also using WebIdentityTokenFileCredentialsProvider. Code is something like that:

DataSyncAsyncClient.builder()
    .httpClient(NettyNioAsyncHttpClient.builder()
        .proxyConfiguration(ProxyConfiguration.builder()
        ...)
    ...)
    .credentialsProvider(WebIdentityTokenFileCredentialsProvider.create())
    .build();

Now the problem is that later, somewhere down the line, the DefaultStsClient is created beneath, but it doesn't use the proxy settings at all. I had to do a workaround of setting program arguments like http(s).proxy(Host, Port, Set) - those seem to be respected across sdk. But I would really prefer not to do that, because of a couple of reasons, which aren't that important here.

An additional issue, I think, is that created DataSyncAsyncClient uses a sync DefaultStsClient client beneath, while everything in my configuration is async.

I'd expect the http client that I'm passing to be used, including it being async + the configuration that I've set. Alternatively, just provide my own implementation of StsClient to DataSyncAsyncClient.

I'm running aws sdk version 2.15.69 on mac Catalina 10.15.7 running on java graalvm-ce-java11-20.3.0 but I encounter the same issue running it on rhel with openjdk 11.

debora-ito commented 3 years ago

Hi @kacperfronc thank you for reaching out.

1- Regarding the proxy configuration, what you described as a workaround is the suggested way to use it. The netty client configuration for the DataSync client is not transferred to the underlying credentials retrieving methods. 2- You are correct, currently we don't support async clients in the credentials provider, we can mark it as a feature request if you'd like.

kacperfronc commented 3 years ago

Hello @debora-ito Okay, thank you for the feedback. I'll keep on using those parameters then.

Although I'd ask you to reconsider that approach, it seems that some people also had a problem with that, here for example https://github.com/aws/aws-sdk-java-v2/issues/751#issuecomment-634237068

And I see your point, but if that's the suggested way then maybe having this proxy setting in the client configuration isn't the best idea, if it's not propagated down. It seems to be breaking the principle of least astonishment.

As for the async client - sure, I think it makes sense.

Thanks!

ahmed-abdelmonem commented 1 year ago

Hello @debora-ito

Is there a workaroud to pass a specific http client to the default sts client? I have multiple HTTP implementations on the classpath, I can explicitly provide an HTTP client via the client builders but I can't find a way to provide it for the default sts client.

Thanks!

svenhaag commented 1 year ago

Hi @ahmed-abdelmonem, yes, there is a workaround. You can use system configuration properties to define the default http client.

Also maybe check software.amazon.awssdk.http.async.service.impl for the async client.

See AWS http config to descide which client is best for your scenario.