Merge pull request #2021 from beyonnex-io/bugfix/mongo-aws-iam-auth

thjaeckle · web-flow · commit fc610dad5536 · 2024-09-18T13:22:51.000+02:00
remove the use of try for StsClient to avoid closing the client prema…
diff --git a/internal/utils/persistence/src/main/java/org/eclipse/ditto/internal/utils/persistence/mongo/auth/AwsAuthenticationHelper.java b/internal/utils/persistence/src/main/java/org/eclipse/ditto/internal/utils/persistence/mongo/auth/AwsAuthenticationHelper.java
@@ -61,25 +61,24 @@ public static MongoCredential provideAwsIamBasedMongoCredential(
         }
 
         final Supplier<AwsCredential> awsFreshCredentialSupplier;
-        try (final StsClient stsClient = stsClientBuilder.build()) {
-            awsFreshCredentialSupplier = () -> {
-                LOGGER.info("Supplying AWS IAM credentials, assuming role <{}> in session name <{}>",
-                        awsRoleArn, awsSessionName);
+        final StsClient stsClient = stsClientBuilder.build();
+        awsFreshCredentialSupplier = () -> {
+            LOGGER.info("Supplying AWS IAM credentials, assuming role <{}> in session name <{}>",
+                    awsRoleArn, awsSessionName);
 
-                // assume role using the AWS SDK
-                final AssumeRoleRequest roleRequest = AssumeRoleRequest.builder()
-                        .roleArn(awsRoleArn)
-                        .roleSessionName(awsSessionName)
-                        .build();
-                final AssumeRoleResponse roleResponse = stsClient.assumeRole(roleRequest);
-                final Credentials awsCredentials = roleResponse.credentials();
+            // assume role using the AWS SDK
+            final AssumeRoleRequest roleRequest = AssumeRoleRequest.builder()
+                    .roleArn(awsRoleArn)
+                    .roleSessionName(awsSessionName)
+                    .build();
+            final AssumeRoleResponse roleResponse = stsClient.assumeRole(roleRequest);
+            final Credentials awsCredentials = roleResponse.credentials();
 
-                return new AwsCredential(awsCredentials.accessKeyId(), awsCredentials.secretAccessKey(),
-                        awsCredentials.sessionToken());
-            };
+            return new AwsCredential(awsCredentials.accessKeyId(), awsCredentials.secretAccessKey(),
+                    awsCredentials.sessionToken());
+        };
 
-            return MongoCredential.createAwsCredential(null, null)
-                    .withMechanismProperty(MongoCredential.AWS_CREDENTIAL_PROVIDER_KEY, awsFreshCredentialSupplier);
-        }
+        return MongoCredential.createAwsCredential(null, null)
+                .withMechanismProperty(MongoCredential.AWS_CREDENTIAL_PROVIDER_KEY, awsFreshCredentialSupplier);
     }
 }
