Merge credentials reloading feature branch to mainline (#3712)

* ProfileCredentialsProvider can now reload credentials when profile files change (#3487)

* ProfileFile can update if disk changed, reload as new instance

* ProfileCredentialsProvider reloads credentials if profile file has changes

* Created class ProfileFileRefresher

* Created ReloadingProfileCredentialsProvider; moved new logic in ProfileFile to ProfileFileRefresher

* Fix ReloadingProfileCredentialsBehavior when missing ProfileFile Supplier or Predicate, and dealing with defaults

* Consolidated ReloadingProfileCredentialsProvider functionality into ProfileCredentialsProvider

* Fix behavior when dealing with defaults

* Created ProfileFileSupplier interface; refactored

* Misc fixes

* Created package-private ProfileFileSupplierBuilder; ProfileFileSupplier now extends Supplier; Fixed Javadoc

* Fixed unit tests for default credentials file

* Removed ProfileFileSupplier.Builder interface

* Code cleanup

* ProfileFileSupplier API changes, aggregating (#3558)

* Added methods for aggregating ProfileFile objects

* Removed redundant logic, changelog entry

* Removed redundant methods

* Use compare and set to make thread safe

* DefaultCredentialsProvider reload profile (#3580)

* Misc fixes

* Reload credentials by DefaultCredentialsProvider; pass supplier to InstanceProfileCredentialsProvider

* Fix code alignment

* Update public APIs to Supplier<ProfileFile> instead of ProfileFileSupplier (#3607)

* ProfileTokenProvider Reload ProfileFile (#3608)

* Updated ProfileTokenProvider

* Updated tests, do not explicitly swallow exceptions

* ProfileTokenProviderLoader can use Supplier<Profilefile> internally

* Simplified ProfileTokenProviderLoader API; implemented synchronized block

* Use synchronized block (#3646)

* S3 support classes take Supplier<ProfileFile> (#3653)

* S3 support classes take Supplier<ProfileFile>

* Review comments

* Presigners, other Support classes take Supplier<ProfileFile> (#3677)

* Presigners, other Support classes take Supplier<ProfileFile>

* Split new ProfileFile tests from existing parameterized tests

* Improved tests readability

* ProfileFile updates to BaseClientBuilderClass, other S3 classes (#3685)

* Leverage SdkClientOption and SdkExecutionAttributes; fallback to simp… (#3692)

* Leverage SdkClientOption and SdkExecutionAttributes; fallback to simple ProfileFile

* Addressed review comments

* Updated changelog entry (#3699)

* Fixed review comments

* Removed unnecessary logic

* Deprecated SdkClientOption PROFILE_FILE

* Deprecated SdkExecutionAttribute PROFILE_FILE

* Updated changelog entry

Author: dave-fn

.changes/next-release/feature-AWSSDKforJavav2-688d30e.json

@@ -0,0 +1,6 @@
+{
+    "category": "AWS SDK for Java v2", 
+    "contributor": "", 
+    "type": "feature", 
+    "description": "- ProfileCredentialsProvider and ProfileTokenProvider can reload credentials when disk profile changes\n- Updated DefaultCredentialsProvider chain for reloading credentials\n- Service support classes store ProfileFile as a Supplier interface\n- SdkClientOption and SdkExecutionAttributes constants for PROFILE_FILE have been deprecated in favor of PROFILE_FILE_SUPPLIER"
+}

codegen/src/main/java/software/amazon/awssdk/codegen/poet/builder/BaseClientBuilderClass.java

@@ -362,15 +362,13 @@ private MethodSpec finalizeServiceConfigurationMethod() {
 
     private void mergeServiceConfiguration(MethodSpec.Builder builder, String clientConfigClassName) {
         ClassName clientConfigClass = ClassName.bestGuess(clientConfigClassName);
-        builder.addCode("$1T.Builder serviceConfigBuilder = (($1T) config.option($2T.SERVICE_CONFIGURATION)).toBuilder();" +
-                        "serviceConfigBuilder.profileFile(serviceConfigBuilder.profileFile() "
-                        + "!= null ? serviceConfigBuilder.profileFile() : config.option($2T.PROFILE_FILE));" +
-                        "serviceConfigBuilder.profileName(serviceConfigBuilder.profileName() "
+        builder.addCode("$1T.Builder serviceConfigBuilder = (($1T) config.option($2T.SERVICE_CONFIGURATION)).toBuilder();"
+                        + "serviceConfigBuilder.profileFile(serviceConfigBuilder.profileFileSupplier() != null ? "
+                        + "serviceConfigBuilder.profileFileSupplier() : config.option($2T.PROFILE_FILE_SUPPLIER));"
+                        + "serviceConfigBuilder.profileName(serviceConfigBuilder.profileName() "
                         + "!= null ? serviceConfigBuilder.profileName() : config.option($2T.PROFILE_NAME));",
                         clientConfigClass, SdkClientOption.class);
 
-
-
         if (model.getCustomizationConfig().getServiceConfig().hasDualstackProperty()) {
             builder.addCode("if (serviceConfigBuilder.dualstackEnabled() != null) {")
                    .addCode("    $T.validState(config.option($T.DUALSTACK_ENDPOINT_ENABLED) == null, \"Dualstack has been "

codegen/src/test/resources/software/amazon/awssdk/codegen/poet/builder/test-client-builder-class.java

@@ -68,8 +68,9 @@ protected final SdkClientConfiguration finalizeServiceConfiguration(SdkClientCon
         interceptors = CollectionUtils.mergeLists(interceptors, config.option(SdkClientOption.EXECUTION_INTERCEPTORS));
         ServiceConfiguration.Builder serviceConfigBuilder = ((ServiceConfiguration) config
             .option(SdkClientOption.SERVICE_CONFIGURATION)).toBuilder();
-        serviceConfigBuilder.profileFile(serviceConfigBuilder.profileFile() != null ? serviceConfigBuilder.profileFile() : config
-            .option(SdkClientOption.PROFILE_FILE));
+        serviceConfigBuilder.profileFile(serviceConfigBuilder.profileFileSupplier() != null ?
+                                         serviceConfigBuilder.profileFileSupplier() :
+                                         config.option(SdkClientOption.PROFILE_FILE_SUPPLIER));
         serviceConfigBuilder.profileName(serviceConfigBuilder.profileName() != null ? serviceConfigBuilder.profileName() : config
             .option(SdkClientOption.PROFILE_NAME));
         if (serviceConfigBuilder.dualstackEnabled() != null) {

core/auth/pom.xml

@@ -152,6 +152,12 @@
             <artifactId>commons-lang3</artifactId>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>com.google.jimfs</groupId>
+            <artifactId>jimfs</artifactId>
+            <version>${jimfs.version}</version>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
     <build>
         <plugins>

core/auth/src/main/java/software/amazon/awssdk/auth/credentials/AwsCredentialsProvider.java

@@ -30,7 +30,7 @@
 public interface AwsCredentialsProvider {
     /**
      * Returns {@link AwsCredentials} that can be used to authorize an AWS request. Each implementation of AWSCredentialsProvider
-     * can chose its own strategy for loading credentials. For example, an implementation might load credentials from an existing
+     * can choose its own strategy for loading credentials. For example, an implementation might load credentials from an existing
      * key management system, or load new credentials when credentials are rotated.
      *
      * <p>If an error occurs during the loading of credentials or credentials could not be found, a runtime exception will be

core/auth/src/main/java/software/amazon/awssdk/auth/credentials/DefaultCredentialsProvider.java

@@ -15,9 +15,12 @@
 
 package software.amazon.awssdk.auth.credentials;
 
+import java.util.Optional;
+import java.util.function.Supplier;
 import software.amazon.awssdk.annotations.SdkPublicApi;
 import software.amazon.awssdk.auth.credentials.internal.LazyAwsCredentialsProvider;
 import software.amazon.awssdk.profiles.ProfileFile;
+import software.amazon.awssdk.profiles.ProfileFileSupplier;
 import software.amazon.awssdk.utils.SdkAutoCloseable;
 import software.amazon.awssdk.utils.ToString;
 import software.amazon.awssdk.utils.builder.CopyableBuilder;
@@ -26,8 +29,8 @@
 /**
  * AWS credentials provider chain that looks for credentials in this order:
  * <ol>
- *   <li>Java System Properties - <code>aws.accessKeyId</code> and <code>aws.secretAccessKey</code></li>
- *   <li>Environment Variables - <code>AWS_ACCESS_KEY_ID</code> and <code>AWS_SECRET_ACCESS_KEY</code></li>
+ *   <li>Java System Properties - {@code aws.accessKeyId} and {@code aws.secretAccessKey}</li>
+ *   <li>Environment Variables - {@code AWS_ACCESS_KEY_ID} and {@code AWS_SECRET_ACCESS_KEY}</li>
  *   <li>Web Identity Token credentials from system properties or environment variables</li>
  *   <li>Credential profiles file at the default location (~/.aws/credentials) shared by all AWS SDKs and the AWS CLI</li>
  *   <li>Credentials delivered through the Amazon EC2 container service if AWS_CONTAINER_CREDENTIALS_RELATIVE_URI" environment
@@ -51,7 +54,7 @@ public final class DefaultCredentialsProvider
 
     private final LazyAwsCredentialsProvider providerChain;
 
-    private final ProfileFile profileFile;
+    private final Supplier<ProfileFile> profileFile;
 
     private final String profileName;
 
@@ -87,21 +90,21 @@ private static LazyAwsCredentialsProvider createChain(Builder builder) {
 
         return LazyAwsCredentialsProvider.create(() -> {
             AwsCredentialsProvider[] credentialsProviders = new AwsCredentialsProvider[] {
-                    SystemPropertyCredentialsProvider.create(),
-                    EnvironmentVariableCredentialsProvider.create(),
-                    WebIdentityTokenFileCredentialsProvider.create(),
-                    ProfileCredentialsProvider.builder()
-                                              .profileFile(builder.profileFile)
-                                              .profileName(builder.profileName)
-                                              .build(),
-                    ContainerCredentialsProvider.builder()
-                                                .asyncCredentialUpdateEnabled(asyncCredentialUpdateEnabled)
-                                                .build(),
-                    InstanceProfileCredentialsProvider.builder()
-                                                      .asyncCredentialUpdateEnabled(asyncCredentialUpdateEnabled)
-                                                      .profileFile(builder.profileFile)
-                                                      .profileName(builder.profileName)
-                                                      .build()
+                SystemPropertyCredentialsProvider.create(),
+                EnvironmentVariableCredentialsProvider.create(),
+                WebIdentityTokenFileCredentialsProvider.create(),
+                ProfileCredentialsProvider.builder()
+                                          .profileFile(builder.profileFile)
+                                          .profileName(builder.profileName)
+                                          .build(),
+                ContainerCredentialsProvider.builder()
+                                            .asyncCredentialUpdateEnabled(asyncCredentialUpdateEnabled)
+                                            .build(),
+                InstanceProfileCredentialsProvider.builder()
+                                                  .asyncCredentialUpdateEnabled(asyncCredentialUpdateEnabled)
+                                                  .profileFile(builder.profileFile)
+                                                  .profileName(builder.profileName)
+                                                  .build()
             };
 
             return AwsCredentialsProviderChain.builder()
@@ -144,7 +147,7 @@ public Builder toBuilder() {
      * Configuration that defines the {@link DefaultCredentialsProvider}'s behavior.
      */
     public static final class Builder implements CopyableBuilder<Builder, DefaultCredentialsProvider> {
-        private ProfileFile profileFile;
+        private Supplier<ProfileFile> profileFile;
         private String profileName;
         private Boolean reuseLastProviderEnabled = true;
         private Boolean asyncCredentialUpdateEnabled = false;
@@ -163,7 +166,13 @@ private Builder(DefaultCredentialsProvider credentialsProvider) {
         }
 
         public Builder profileFile(ProfileFile profileFile) {
-            this.profileFile = profileFile;
+            return profileFile(Optional.ofNullable(profileFile)
+                                       .map(ProfileFileSupplier::fixedProfileFile)
+                                       .orElse(null));
+        }
+
+        public Builder profileFile(Supplier<ProfileFile> profileFileSupplier) {
+            this.profileFile = profileFileSupplier;
             return this;
         }
 
@@ -198,6 +207,7 @@ public Builder asyncCredentialUpdateEnabled(Boolean asyncCredentialUpdateEnabled
         /**
          * Create a {@link DefaultCredentialsProvider} using the configuration defined in this builder.
          */
+        @Override
         public DefaultCredentialsProvider build() {
             return new DefaultCredentialsProvider(this);
         }

core/auth/src/main/java/software/amazon/awssdk/auth/credentials/InstanceProfileCredentialsProvider.java

@@ -26,6 +26,8 @@
 import java.time.Instant;
 import java.util.Collections;
 import java.util.Map;
+import java.util.Optional;
+import java.util.function.Supplier;
 import software.amazon.awssdk.annotations.SdkPublicApi;
 import software.amazon.awssdk.annotations.SdkTestInternalApi;
 import software.amazon.awssdk.auth.credentials.internal.Ec2MetadataConfigProvider;
@@ -36,6 +38,7 @@
 import software.amazon.awssdk.core.exception.SdkClientException;
 import software.amazon.awssdk.core.exception.SdkServiceException;
 import software.amazon.awssdk.profiles.ProfileFile;
+import software.amazon.awssdk.profiles.ProfileFileSupplier;
 import software.amazon.awssdk.profiles.ProfileFileSystemSetting;
 import software.amazon.awssdk.regions.util.HttpResourcesUtils;
 import software.amazon.awssdk.regions.util.ResourcesEndpointProvider;
@@ -77,7 +80,7 @@ public final class InstanceProfileCredentialsProvider
 
     private final String asyncThreadName;
 
-    private final ProfileFile profileFile;
+    private final Supplier<ProfileFile> profileFile;
 
     private final String profileName;
 
@@ -95,8 +98,8 @@ private InstanceProfileCredentialsProvider(BuilderImpl builder) {
         this.httpCredentialsLoader = HttpCredentialsLoader.create();
         this.configProvider =
             Ec2MetadataConfigProvider.builder()
-                                     .profileFile(builder.profileFile == null ? null : () -> builder.profileFile)
-                                     .profileName(builder.profileName == null ? null : builder.profileName)
+                                     .profileFile(builder.profileFile)
+                                     .profileName(builder.profileName)
                                      .build();
 
         if (Boolean.TRUE.equals(builder.asyncCredentialUpdateEnabled)) {
@@ -279,9 +282,19 @@ public interface Builder extends HttpCredentialsProvider.Builder<InstanceProfile
          * Configure the profile file used for loading IMDS-related configuration, like the endpoint mode (IPv4 vs IPv6).
          *
          * <p>By default, {@link ProfileFile#defaultProfileFile()} is used.
+         * 
+         * @see #profileFile(Supplier)
          */
         Builder profileFile(ProfileFile profileFile);
 
+        /**
+         * Define the mechanism for loading profile files.
+         *
+         * @param profileFileSupplier Supplier interface for generating a ProfileFile instance.
+         * @see #profileFile(ProfileFile)
+         */
+        Builder profileFile(Supplier<ProfileFile> profileFileSupplier);
+
         /**
          * Configure the profile name used for loading IMDS-related configuration, like the endpoint mode (IPv4 vs IPv6).
          *
@@ -292,6 +305,7 @@ public interface Builder extends HttpCredentialsProvider.Builder<InstanceProfile
         /**
          * Build a {@link InstanceProfileCredentialsProvider} from the provided configuration.
          */
+        @Override
         InstanceProfileCredentialsProvider build();
     }
 
@@ -301,7 +315,7 @@ static final class BuilderImpl implements Builder {
         private String endpoint;
         private Boolean asyncCredentialUpdateEnabled;
         private String asyncThreadName;
-        private ProfileFile profileFile;
+        private Supplier<ProfileFile> profileFile;
         private String profileName;
 
         private BuilderImpl() {
@@ -354,14 +368,25 @@ public void setAsyncThreadName(String asyncThreadName) {
 
         @Override
         public Builder profileFile(ProfileFile profileFile) {
-            this.profileFile = profileFile;
-            return this;
+            return profileFile(Optional.ofNullable(profileFile)
+                                       .map(ProfileFileSupplier::fixedProfileFile)
+                                       .orElse(null));
         }
 
         public void setProfileFile(ProfileFile profileFile) {
             profileFile(profileFile);
         }
 
+        @Override
+        public Builder profileFile(Supplier<ProfileFile> profileFileSupplier) {
+            this.profileFile = profileFileSupplier;
+            return this;
+        }
+
+        public void setProfileFile(Supplier<ProfileFile> profileFileSupplier) {
+            profileFile(profileFileSupplier);
+        }
+
         @Override
         public Builder profileName(String profileName) {
             this.profileName = profileName;