- release drafter

- make config builders generic
- force refresh with managedidentity
- skipcache with confidentialclientapp
- add builder cloners

Author: atakavci

.github/workflows/release-drafter.yml

@@ -5,7 +5,8 @@ on:
     # branches to consider in the event; optional, defaults to all
     branches:
       - master
-
+  workflow_dispatch:
+  
 jobs:
   update_release_draft:
     runs-on: ubuntu-latest

core/src/main/java/redis/clients/authentication/core/TokenAuthConfig.java

@@ -23,42 +23,42 @@ public static Builder builder() {
         return new Builder();
     }
 
-    public static class Builder {
+    public static class Builder<T extends Builder<T>> {
         private IdentityProviderConfig identityProviderConfig;
         private int lowerRefreshBoundMillis;
         private float expirationRefreshRatio;
         private int tokenRequestExecTimeoutInMs;
         private int maxAttemptsToRetry;
         private int delayInMsToRetry;
 
-        public Builder expirationRefreshRatio(float expirationRefreshRatio) {
+        public T expirationRefreshRatio(float expirationRefreshRatio) {
             this.expirationRefreshRatio = expirationRefreshRatio;
-            return this;
+            return (T) this;
         }
 
-        public Builder lowerRefreshBoundMillis(int lowerRefreshBoundMillis) {
+        public T lowerRefreshBoundMillis(int lowerRefreshBoundMillis) {
             this.lowerRefreshBoundMillis = lowerRefreshBoundMillis;
-            return this;
+            return (T) this;
         }
 
-        public Builder tokenRequestExecTimeoutInMs(int tokenRequestExecTimeoutInMs) {
+        public T tokenRequestExecTimeoutInMs(int tokenRequestExecTimeoutInMs) {
             this.tokenRequestExecTimeoutInMs = tokenRequestExecTimeoutInMs;
-            return this;
+            return (T) this;
         }
 
-        public Builder maxAttemptsToRetry(int maxAttemptsToRetry) {
+        public T maxAttemptsToRetry(int maxAttemptsToRetry) {
             this.maxAttemptsToRetry = maxAttemptsToRetry;
-            return this;
+            return (T) this;
         }
 
-        public Builder delayInMsToRetry(int delayInMsToRetry) {
+        public T delayInMsToRetry(int delayInMsToRetry) {
             this.delayInMsToRetry = delayInMsToRetry;
-            return this;
+            return (T) this;
         }
 
-        public Builder identityProviderConfig(IdentityProviderConfig identityProviderConfig) {
+        public T identityProviderConfig(IdentityProviderConfig identityProviderConfig) {
             this.identityProviderConfig = identityProviderConfig;
-            return this;
+            return (T) this;
         }
 
         public TokenAuthConfig build() {
@@ -67,5 +67,14 @@ public TokenAuthConfig build() {
                     new TokenManagerConfig.RetryPolicy(maxAttemptsToRetry, delayInMsToRetry)),
                     identityProviderConfig);
         }
+
+        public static Builder from(Builder sample) {
+            return new Builder().expirationRefreshRatio(sample.expirationRefreshRatio)
+                    .lowerRefreshBoundMillis(sample.lowerRefreshBoundMillis)
+                    .tokenRequestExecTimeoutInMs(sample.tokenRequestExecTimeoutInMs)
+                    .maxAttemptsToRetry(sample.maxAttemptsToRetry)
+                    .delayInMsToRetry(sample.delayInMsToRetry)
+                    .identityProviderConfig(sample.identityProviderConfig);
+        }
     }
 }

core/src/main/java/redis/clients/authentication/core/TokenManager.java

@@ -8,6 +8,7 @@
 import java.util.concurrent.ScheduledFuture;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicBoolean;
+import java.util.concurrent.atomic.AtomicInteger;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -18,12 +19,10 @@ public class TokenManager {
     private IdentityProvider identityProvider;
     private TokenListener listener;
     private ScheduledExecutorService scheduler = Executors.newSingleThreadScheduledExecutor();
-    
-    // TODO: manage thread pool to avoid blocking on IDP hangs
     private ExecutorService executor = Executors.newFixedThreadPool(2);
     private boolean stopped = false;
     private ScheduledFuture<?> scheduledTask;
-    private int numberOfRetries = 0;
+    private AtomicInteger numberOfRetries = new AtomicInteger(0);
     private Exception lastException;
     private Logger logger = LoggerFactory.getLogger(getClass());
     private Token currentToken = null;
@@ -86,8 +85,8 @@ protected Token renewToken() {
             listener.onTokenRenewed(newToken);
             return newToken;
         } catch (Exception e) {
-            if (numberOfRetries < tokenManagerConfig.getRetryPolicy().getMaxAttempts()) {
-                numberOfRetries++;
+            if (numberOfRetries.getAndIncrement() < tokenManagerConfig.getRetryPolicy()
+                    .getMaxAttempts()) {
                 scheduledTask = scheduleNext(tokenManagerConfig.getRetryPolicy().getdelayInMs());
             } else {
                 TokenRequestException tre = new TokenRequestException(unwrap(e), lastException);

entraid/src/main/java/redis/clients/authentication/entraid/EntraIDIdentityProvider.java

@@ -20,7 +20,8 @@ public final class EntraIDIdentityProvider implements IdentityProvider {
 
     private Supplier<IAuthenticationResult> resultSupplier;
 
-    public EntraIDIdentityProvider(ServicePrincipalInfo servicePrincipalInfo, Set<String> scopes) {
+    public EntraIDIdentityProvider(ServicePrincipalInfo servicePrincipalInfo, Set<String> scopes,
+            int timeout) {
         IClientCredential credential = getClientCredential(servicePrincipalInfo);
         ConfidentialClientApplication app;
 
@@ -30,20 +31,22 @@ public EntraIDIdentityProvider(ServicePrincipalInfo servicePrincipalInfo, Set<St
                     : authority;
             app = ConfidentialClientApplication
                     .builder(servicePrincipalInfo.getClientId(), credential).authority(authority)
-                    .build();
+                    .readTimeoutForDefaultHttpClient(timeout).build();
         } catch (MalformedURLException e) {
             throw new RedisEntraIDException("Failed to init EntraID client!", e);
         }
-        ClientCredentialParameters params = ClientCredentialParameters.builder(scopes).build();
+        ClientCredentialParameters params = ClientCredentialParameters.builder(scopes)
+                .skipCache(true).build();
 
         resultSupplier = () -> supplierForConfidentialApp(app, params);
     }
 
-    public EntraIDIdentityProvider(ManagedIdentityInfo info, Set<String> scopes) {
-        ManagedIdentityApplication app = ManagedIdentityApplication.builder(info.getId()).build();
+    public EntraIDIdentityProvider(ManagedIdentityInfo info, Set<String> scopes, int timeout) {
+        ManagedIdentityApplication app = ManagedIdentityApplication.builder(info.getId())
+                .readTimeoutForDefaultHttpClient(timeout).build();
 
         ManagedIdentityParameters params = ManagedIdentityParameters
-                .builder(scopes.iterator().next()).build();
+                .builder(scopes.iterator().next()).forceRefresh(true).build();
         resultSupplier = () -> supplierForManagedIdentityApp(app, params);
     }
 

entraid/src/main/java/redis/clients/authentication/entraid/EntraIDIdentityProviderConfig.java

@@ -8,16 +8,16 @@
 import redis.clients.authentication.core.IdentityProvider;
 import redis.clients.authentication.core.IdentityProviderConfig;
 
-public final class EntraIDIdentityProviderConfig implements IdentityProviderConfig, AutoCloseable {
+public final class EntraIDIdentityProviderConfig implements IdentityProviderConfig {
 
-    private Supplier<IdentityProvider> providerSupplier;
+    private final Supplier<IdentityProvider> providerSupplier;
 
-    public EntraIDIdentityProviderConfig(ServicePrincipalInfo info, Set<String> scopes) {
-        providerSupplier = () -> new EntraIDIdentityProvider(info, scopes);
+    public EntraIDIdentityProviderConfig(ServicePrincipalInfo info, Set<String> scopes, int timeout) {
+        providerSupplier = () -> new EntraIDIdentityProvider(info, scopes, timeout);
     }
 
-    public EntraIDIdentityProviderConfig(ManagedIdentityInfo info, Set<String> scopes) {
-        providerSupplier = () -> new EntraIDIdentityProvider(info, scopes);
+    public EntraIDIdentityProviderConfig(ManagedIdentityInfo info, Set<String> scopes, int timeout) {
+        providerSupplier = () -> new EntraIDIdentityProvider(info, scopes, timeout);
     }
 
     public EntraIDIdentityProviderConfig(
@@ -28,16 +28,6 @@ public EntraIDIdentityProviderConfig(
     @Override
     public IdentityProvider getProvider() {
         IdentityProvider identityProvider = providerSupplier.get();
-        clear();
         return identityProvider;
     }
-
-    @Override
-    public void close() throws Exception {
-        clear();
-    }
-
-    private void clear() {
-        providerSupplier = null;
-    }
 }

entraid/src/main/java/redis/clients/authentication/entraid/EntraIDTokenAuthConfigBuilder.java

@@ -8,11 +8,12 @@
 import com.microsoft.aad.msal4j.IAuthenticationResult;
 
 import redis.clients.authentication.core.TokenAuthConfig;
+import redis.clients.authentication.core.TokenManagerConfig;
 import redis.clients.authentication.entraid.ManagedIdentityInfo.UserManagedIdentityType;
 import redis.clients.authentication.entraid.ServicePrincipalInfo.ServicePrincipalAccess;
 
-public class EntraIDTokenAuthConfigBuilder extends TokenAuthConfig.Builder
-        implements AutoCloseable {
+public class EntraIDTokenAuthConfigBuilder
+        extends TokenAuthConfig.Builder<EntraIDTokenAuthConfigBuilder> implements AutoCloseable {
     public static final float DEFAULT_EXPIRATION_REFRESH_RATIO = 0.8F;
     public static final int DEFAULT_LOWER_REFRESH_BOUND_MILLIS = 2 * 60 * 1000;
     public static final int DEFAULT_TOKEN_REQUEST_EXECUTION_TIMEOUT_IN_MS = 1000;
@@ -27,6 +28,7 @@ public class EntraIDTokenAuthConfigBuilder extends TokenAuthConfig.Builder
     private Set<String> scopes;
     private ServicePrincipalAccess accessWith;
     private ManagedIdentityInfo mii;
+    private int tokenRequestExecTimeoutInMs;
     private Supplier<IAuthenticationResult> customEntraIdAuthenticationSupplier;
 
     public EntraIDTokenAuthConfigBuilder() {
@@ -82,6 +84,14 @@ public EntraIDTokenAuthConfigBuilder scopes(Set<String> scopes) {
         return this;
     }
 
+    @Override
+    public EntraIDTokenAuthConfigBuilder tokenRequestExecTimeoutInMs(
+            int tokenRequestExecTimeoutInMs) {
+        super.tokenRequestExecTimeoutInMs(tokenRequestExecTimeoutInMs);
+        this.tokenRequestExecTimeoutInMs = tokenRequestExecTimeoutInMs;
+        return this;
+    }
+
     public TokenAuthConfig build() {
         ServicePrincipalInfo spi = null;
         if (key != null || cert != null || secret != null) {
@@ -103,10 +113,12 @@ public TokenAuthConfig build() {
                     "Cannot have both customEntraIdAuthenticationSupplier and ServicePrincipal/ManagedIdentity!");
         }
         if (spi != null) {
-            super.identityProviderConfig(new EntraIDIdentityProviderConfig(spi, scopes));
+            super.identityProviderConfig(
+                new EntraIDIdentityProviderConfig(spi, scopes, tokenRequestExecTimeoutInMs));
         }
         if (mii != null) {
-            super.identityProviderConfig(new EntraIDIdentityProviderConfig(mii, scopes));
+            super.identityProviderConfig(
+                new EntraIDIdentityProviderConfig(mii, scopes, tokenRequestExecTimeoutInMs));
         }
         if (customEntraIdAuthenticationSupplier != null) {
             super.identityProviderConfig(
@@ -129,4 +141,28 @@ public void close() throws Exception {
     public static EntraIDTokenAuthConfigBuilder builder() {
         return new EntraIDTokenAuthConfigBuilder();
     }
+
+    public static EntraIDTokenAuthConfigBuilder from(EntraIDTokenAuthConfigBuilder sample) {
+        TokenAuthConfig tokenAuthConfig = TokenAuthConfig.Builder.from(sample).build();
+        TokenManagerConfig tokenManagerConfig = tokenAuthConfig.getTokenManagerConfig();
+
+        EntraIDTokenAuthConfigBuilder builder = (EntraIDTokenAuthConfigBuilder) new EntraIDTokenAuthConfigBuilder()
+                .expirationRefreshRatio(tokenManagerConfig.getExpirationRefreshRatio())
+                .lowerRefreshBoundMillis(tokenManagerConfig.getLowerRefreshBoundMillis())
+                .tokenRequestExecTimeoutInMs(tokenManagerConfig.getTokenRequestExecTimeoutInMs())
+                .maxAttemptsToRetry(tokenManagerConfig.getRetryPolicy().getMaxAttempts())
+                .delayInMsToRetry(tokenManagerConfig.getRetryPolicy().getdelayInMs())
+                .identityProviderConfig(tokenAuthConfig.getIdentityProviderConfig());
+
+        builder.accessWith = sample.accessWith;
+        builder.authority = sample.authority;
+        builder.cert = sample.cert;
+        builder.clientId = sample.clientId;
+        builder.customEntraIdAuthenticationSupplier = sample.customEntraIdAuthenticationSupplier;
+        builder.key = sample.key;
+        builder.mii = sample.mii;
+        builder.scopes = sample.scopes;
+        builder.secret = sample.secret;
+        return builder;
+    }
 }

entraid/src/test/java/redis/clients/authentication/EntraIDIntegrationTests.java

@@ -17,7 +17,7 @@ public void requestTokenWithSecret() throws MalformedURLException {
                                 testCtx.getClientId(), testCtx.getClientSecret(),
                                 testCtx.getAuthority());
                 Token token = new EntraIDIdentityProvider(servicePrincipalInfo,
-                                testCtx.getRedisScopes()).requestToken();
+                                testCtx.getRedisScopes(),1000).requestToken();
 
                 assertNotNull(token.getValue());
         }
@@ -29,7 +29,7 @@ public void requestTokenWithCert() throws MalformedURLException {
                                 testCtx.getClientId(), testCtx.getPrivateKey(), testCtx.getCert(),
                                 testCtx.getAuthority());
                 Token token = new EntraIDIdentityProvider(servicePrincipalInfo,
-                                testCtx.getRedisScopes()).requestToken();
+                                testCtx.getRedisScopes(),1000).requestToken();
                 assertNotNull(token.getValue());
         }