feat(NODE-5939): Implement 6.x: cache the AWS credentials provider in the MONGODB-AWS auth logic #3991

Merged
merged 21 commits into from Feb 21, 2024

Conversation

alenakhineika
Contributor

@alenakhineika alenakhineika commented Feb 13, 2024

Description

Caching credentials is required by the spec.

The AWS credentials provider instance itself is implemented as a smart credentials cache. It will issue at most one request to IMDS, and will only issue another request when the credentials are about to expire.

Instead of creating a new AWS provider for each authentication, we cache the AWS credentials provider per client.

What is changing?

  • Refactor AUTH_PROVIDERS to have factory functions instead of creating providers

  • Create instances of auth providers in MongoClient and cache them when requested per client to ensure that cached credentials are not shared with other clients

    • Expose the getAuthProvider() function per ClientOptions, so it can be requested by connection and monitoring to communicate with auth providers
    • A client can have more than one auth provider because while connecting we can e.g. switch from MONGODB_DEFAULT to MONGODB_SCRAM_SHA256
  • Cache AWS provider per MongoDBAWS. AWS SDK will cache the first HTTP request as long as the provider is not reconstructed. We refactor the codebase to ensure that the AWS provider is stored per the MongoDBAWS instance to prevent overwhelming the auth endpoint

Is there new documentation needed for these changes?

None

What is the motivation for this change?

NODE-5616

Release Highlight

Caching AWS credentials provider per client

Instead of creating a new AWS provider for each authentication, we cache the AWS credentials provider per client to prevent overwhelming the auth endpoint and ensure that cached credentials are not shared with other clients.

Double check the following

  • Ran npm run check:lint script
  • Self-review completed using the steps outlined here
  • PR title follows the correct format: type(NODE-xxxx)[!]: description
    • Example: feat(NODE-1234)!: rewriting everything in coffeescript
  • Changes are covered by tests
  • New TODOs have a related JIRA ticket

@alenakhineika alenakhineika changed the title feat(NODE-5616): cache the AWS credentials provider in the MONGODB-AWS auth logic feat(NODE-5939): Implement 6.x: cache the AWS credentials provider in the MONGODB-AWS auth logic Feb 15, 2024
@alenakhineika alenakhineika marked this pull request as ready for review February 16, 2024 14:41
@durran durran self-assigned this Feb 19, 2024
@durran durran added the Primary Review In Review with primary reviewer, not yet ready for team's eyes label Feb 19, 2024
@durran durran added Team Review Needs review from team and removed Primary Review In Review with primary reviewer, not yet ready for team's eyes labels Feb 20, 2024
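
The per-client caching described in the PR description above, as an added TypeScript sketch (not code from the driver or from this PR). `ClientSketch`, `AwsAuthSketch`, the fetch counter, the explicit `now` clock, and the 60-second refresh window with a 3600-second lifetime are all assumptions made for illustration.

```typescript
// Added sketch, not driver code; every name ending in "Sketch" is hypothetical.
type Creds = { accessKeyId: string; expiresAt: number };
type Counter = { fetches: number };

// Stand-in for the AWS SDK provider: one fetch, then reuse until near expiry.
function makeCredentialSourceSketch(owner: string, counter: Counter) {
  let cached: Creds | undefined;
  return (now: number): Creds => {
    if (cached === undefined || cached.expiresAt - now < 60) {
      counter.fetches += 1; // models one request to the credentials endpoint
      cached = { accessKeyId: owner + "-key-" + counter.fetches, expiresAt: now + 3600 };
    }
    return cached;
  };
}

class AwsAuthSketch {
  // The credential source is built once and lives with this provider instance.
  private source: (now: number) => Creds;
  constructor(owner: string, counter: Counter) {
    this.source = makeCredentialSourceSketch(owner, counter);
  }
  auth(now: number): string {
    return this.source(now).accessKeyId;
  }
}

// Factories rather than shared instances, so each client builds its own provider.
type FactorySketch = (owner: string, counter: Counter) => AwsAuthSketch;
const AUTH_PROVIDER_FACTORIES_SKETCH = new Map<string, FactorySketch>([
  ["MONGODB-AWS", (owner, counter) => new AwsAuthSketch(owner, counter)],
]);

class ClientSketch {
  counter: Counter = { fetches: 0 };
  private name: string;
  private providers = new Map<string, AwsAuthSketch>();
  constructor(name: string) {
    this.name = name;
  }
  // Create the provider on first request, then reuse it for this client only.
  getAuthProvider(mechanism: string): AwsAuthSketch {
    let provider = this.providers.get(mechanism);
    if (provider === undefined) {
      const factory = AUTH_PROVIDER_FACTORIES_SKETCH.get(mechanism);
      if (factory === undefined) throw new Error("unknown mechanism: " + mechanism);
      provider = factory(this.name, this.counter);
      this.providers.set(mechanism, provider);
    }
    return provider;
  }
}
```

Two clients built this way never see each other's cached credentials, and repeated authentications on one client reach the credentials endpoint once per credential lifetime instead of once per connection.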