in src/odbc/rsodbc/iam/RsIamHelper.cpp [133:245]
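/// @brief Decide whether credentials cached for these connection settings may be reused.
///
/// Returns false without consulting the cache when profile-based authentication
/// is in use (auth type IAM_AUTH_TYPE_PROFILE, a non-empty AWS profile name, or
/// the instance-profile flag). Otherwise the entry stored under
/// GetCacheKey(in_settings) is looked up; an entry that is incomplete or past
/// its expiration time is erased and false is returned. For a usable entry the
/// result is true only if every IAM-related field of in_settings equals the
/// corresponding field of s_rsSettings.
///
/// @param in_settings   Settings of the connection being opened.
/// @param isNativeAuth  true: the entry must carry an IdP token;
///                      false: it must carry a database user and password.
/// @return true when the cached credentials can be reused for in_settings.
///
/// NOTE(review): the lock/unlock calls below are commented out, so this function
/// reads and erases from the static cache without taking a lock itself - confirm
/// that callers serialize access.
bool RsIamHelper::IsValidIamCachedSettings(const RsSettings& in_settings, bool isNativeAuth)
{
    // Single exit point: every rejection path leaves rc at false.
    bool rc = false;
    // paLockMutex(s_iam_helper_criticalSection);

    // NOTE(review): Millis() yields a 64-bit value while 'long' is 32 bits on
    // LLP64 (Windows) builds - confirm this and GetExpirationTime() use the same
    // width, otherwise the expiry comparison below is unreliable.
    long currentTime = Aws::Utils::DateTime::Now().Millis();

    /* if users use profile based authentication, disable cache */
    const bool profileBasedAuth =
        in_settings.m_authType == IAM_AUTH_TYPE_PROFILE ||
        !in_settings.m_awsProfile.empty() ||
        in_settings.m_useInstanceProfile;

    if (!profileBasedAuth)
    {
        const rs_string cacheKey = GetCacheKey(in_settings);
        auto credentialItr = s_iamCredentialsCache.find(cacheKey);

        if (credentialItr != s_iamCredentialsCache.end())
        {
            // Bind to the cached entry instead of copying it: the entry holds the
            // database password / IdP token, and a per-call copy leaves one more
            // instance of that secret in memory. The reference must not be used
            // after the erase() below.
            RsCredentials& cachedCredentials = credentialItr->second;

            bool unusable;
            if (isNativeAuth)
            {
                unusable =
                    cachedCredentials.GetIdpToken().empty() ||
                    cachedCredentials.GetExpirationTime() == 0 ||
                    currentTime > cachedCredentials.GetExpirationTime();
                if (unusable)
                {
                    // Logs timestamps and whether a token is present, not the token itself.
                    RS_LOG_DEBUG("IAMHLP", "RsIamHelper::IsValidIamCachedSettings not from cache: currentTime:%ld GetExpirationTime():%ld no token:%d",
                        currentTime, cachedCredentials.GetExpirationTime(), cachedCredentials.GetIdpToken().empty());
                }
            }
            else
            {
                unusable =
                    cachedCredentials.GetDbUser().empty() ||
                    cachedCredentials.GetDbPassword().empty() ||
                    cachedCredentials.GetExpirationTime() == 0 ||
                    currentTime > cachedCredentials.GetExpirationTime();
            }

            if (unusable)
            {
                // remove invalid cached credentials
                s_iamCredentialsCache.erase(credentialItr);
            }
            else
            {
                /* Update this function every time when an IAM related connection attribute is added */
                // Security-relevant: an attribute missing from this list is ignored
                // by the check, so credentials obtained under a different value of
                // that attribute would still be accepted for this connection.
                rc =
                    (s_rsSettings.m_host == in_settings.m_host ||
                     s_rsSettings.m_host == in_settings.m_managedVpcUrl) &&
                    s_rsSettings.m_username == in_settings.m_username &&
                    s_rsSettings.m_password == in_settings.m_password &&
                    s_rsSettings.m_database == in_settings.m_database &&
                    s_rsSettings.m_sslMode == in_settings.m_sslMode &&
                    s_rsSettings.m_disableCache == in_settings.m_disableCache &&
                    s_rsSettings.m_authType == in_settings.m_authType &&
                    s_rsSettings.m_dbUser == in_settings.m_dbUser &&
                    s_rsSettings.m_accessKeyID == in_settings.m_accessKeyID &&
                    s_rsSettings.m_secretAccessKey == in_settings.m_secretAccessKey &&
                    s_rsSettings.m_sessionToken == in_settings.m_sessionToken &&
                    s_rsSettings.m_awsRegion == in_settings.m_awsRegion &&
                    s_rsSettings.m_clusterIdentifer == in_settings.m_clusterIdentifer &&
                    s_rsSettings.m_dbGroups == in_settings.m_dbGroups &&
                    s_rsSettings.m_forceLowercase == in_settings.m_forceLowercase &&
                    s_rsSettings.m_userAutoCreate == in_settings.m_userAutoCreate &&
                    s_rsSettings.m_endpointUrl == in_settings.m_endpointUrl &&
                    s_rsSettings.m_stsEndpointUrl == in_settings.m_stsEndpointUrl &&
                    s_rsSettings.m_authProfile == in_settings.m_authProfile &&
                    s_rsSettings.m_stsConnectionTimeout == in_settings.m_stsConnectionTimeout &&
                    s_rsSettings.m_accessDuration == in_settings.m_accessDuration &&
                    s_rsSettings.m_pluginName == in_settings.m_pluginName &&
                    s_rsSettings.m_idpHost == in_settings.m_idpHost &&
                    s_rsSettings.m_idpPort == in_settings.m_idpPort &&
                    s_rsSettings.m_idpTenant == in_settings.m_idpTenant &&
                    s_rsSettings.m_clientSecret == in_settings.m_clientSecret &&
                    s_rsSettings.m_clientId == in_settings.m_clientId &&
                    s_rsSettings.m_scope == in_settings.m_scope &&
                    s_rsSettings.m_idp_response_timeout == in_settings.m_idp_response_timeout &&
                    s_rsSettings.m_login_url == in_settings.m_login_url &&
                    s_rsSettings.m_role_arn == in_settings.m_role_arn &&
                    s_rsSettings.m_web_identity_token == in_settings.m_web_identity_token &&
                    s_rsSettings.m_duration == in_settings.m_duration &&
                    s_rsSettings.m_role_session_name == in_settings.m_role_session_name &&
                    s_rsSettings.m_dbGroupsFilter == in_settings.m_dbGroupsFilter &&
                    s_rsSettings.m_listen_port == in_settings.m_listen_port &&
                    s_rsSettings.m_appId == in_settings.m_appId &&
                    s_rsSettings.m_oktaAppName == in_settings.m_oktaAppName &&
                    s_rsSettings.m_partnerSpid == in_settings.m_partnerSpid &&
                    s_rsSettings.m_loginToRp == in_settings.m_loginToRp &&
                    s_rsSettings.m_preferredRole == in_settings.m_preferredRole &&
                    s_rsSettings.m_sslInsecure == in_settings.m_sslInsecure &&
                    s_rsSettings.m_groupFederation == in_settings.m_groupFederation &&
                    s_rsSettings.m_managedVpcUrl == in_settings.m_managedVpcUrl;
            }
        }
    }

    // paUnlockMutex(s_iam_helper_criticalSection);
    return rc;
}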