Do not read AWS credentials from container-data

author: Valerij Fredriksen <valerijf@yahooinc.com> 2021-11-03 16:31:24 +0100
committer: Valerij Fredriksen <valerijf@yahooinc.com> 2021-11-03 16:31:24 +0100
commit: 47725da2cdb6bba4a821d54ccbf65d15cc60ada9 (patch)
tree: 4fcad8b4364a7effd6a9530f6f9b97b076298f81 /jdisc-cloud-aws
parent: e5bc78b971380cb1245e9c6a36c2b3ea0fe6eebf (diff)
1 files changed, 15 insertions, 3 deletions
diff --git a/jdisc-cloud-aws/src/main/java/com/yahoo/jdisc/cloud/aws/VespaAwsCredentialsProvider.java b/jdisc-cloud-aws/src/main/java/com/yahoo/jdisc/cloud/aws/VespaAwsCredentialsProvider.java
index 484e82ab00e..4424b63dcc4 100644
--- a/jdisc-cloud-aws/src/main/java/com/yahoo/jdisc/cloud/aws/VespaAwsCredentialsProvider.java
+++ b/jdisc-cloud-aws/src/main/java/com/yahoo/jdisc/cloud/aws/VespaAwsCredentialsProvider.java
@@ -11,19 +11,26 @@ import com.yahoo.slime.Slime;
 import com.yahoo.slime.SlimeUtils;
 
 import java.io.IOException;
+import java.io.UncheckedIOException;
 import java.nio.file.Files;
+import java.nio.file.NoSuchFileException;
 import java.nio.file.Path;
 import java.util.concurrent.atomic.AtomicReference;
 
 public class VespaAwsCredentialsProvider implements AWSCredentialsProvider {
 
-    private static final String DEFAULT_CREDENTIALS_PATH = "/opt/vespa/var/container-data/opt/vespa/conf/vespa/credentials.json";
+    private static final String DEFAULT_CREDENTIALS_PATH = "/opt/vespa/var/vespa/aws/credentials.json";
+    // TODO (freva): Remove when host-admin writes to the new path above
+    private static final String DEFAULT_CREDENTIALS_PATH_OLD = "/opt/vespa/var/container-data/opt/vespa/conf/vespa/credentials.json";
 
     private final AtomicReference<AWSCredentials> credentials = new AtomicReference<>();
     private final Path credentialsPath;
+    private final Path credentialsPathOld;
+
 
     public VespaAwsCredentialsProvider() {
         this.credentialsPath = Path.of(DEFAULT_CREDENTIALS_PATH);
+        this.credentialsPathOld = Path.of(DEFAULT_CREDENTIALS_PATH_OLD);
         refresh();
     }
 
@@ -43,14 +50,19 @@ public class VespaAwsCredentialsProvider implements AWSCredentialsProvider {
 
     private AWSSessionCredentials readCredentials() {
         try {
-            Slime slime = SlimeUtils.jsonToSlime(Files.readAllBytes(credentialsPath));
+            Slime slime;
+            try {
+                slime = SlimeUtils.jsonToSlime(Files.readAllBytes(credentialsPath));
+            } catch (NoSuchFileException ignored) {
+                slime = SlimeUtils.jsonToSlime(Files.readAllBytes(credentialsPathOld));
+            }
             Cursor cursor = slime.get();
             String accessKey = cursor.field("awsAccessKey").asString();
             String secretKey = cursor.field("awsSecretKey").asString();
             String sessionToken = cursor.field("sessionToken").asString();
             return new BasicSessionCredentials(accessKey, secretKey, sessionToken);
         } catch (IOException e) {
-            throw new RuntimeException(e);
+            throw new UncheckedIOException(e);
         }
     }
 }
author	Valerij Fredriksen <valerijf@yahooinc.com>	2021-11-03 16:31:24 +0100
committer	Valerij Fredriksen <valerijf@yahooinc.com>	2021-11-03 16:31:24 +0100
commit	47725da2cdb6bba4a821d54ccbf65d15cc60ada9 (patch)
tree	4fcad8b4364a7effd6a9530f6f9b97b076298f81 /jdisc-cloud-aws
parent	e5bc78b971380cb1245e9c6a36c2b3ea0fe6eebf (diff)