From 821555129ea727795022cbb192869c98cedf0349 Mon Sep 17 00:00:00 2001 From: Mate Ory Date: Tue, 1 Oct 2024 13:06:12 +0200 Subject: [PATCH] s3: workaround on-reload memleak when no role is set AxoSyslog leaks an amount of memory every time it's reloaded if an s3 destination is configured. As a quick workaround we partially revert the patch introducing the use of `boto3.Session` when no `role()` is set. Signed-off-by: Mate Ory --- .../syslogng/modules/s3/s3_destination.py | 28 ++++++++++++------- 1 file changed, 18 insertions(+), 10 deletions(-) diff --git a/modules/python-modules/syslogng/modules/s3/s3_destination.py b/modules/python-modules/syslogng/modules/s3/s3_destination.py index 7f94c475d..400224fe7 100644 --- a/modules/python-modules/syslogng/modules/s3/s3_destination.py +++ b/modules/python-modules/syslogng/modules/s3/s3_destination.py @@ -249,13 +249,13 @@ def open(self) -> bool: if self.is_opened(): return True - self.session = Session( - aws_access_key_id=self.access_key if self.access_key != "" else None, - aws_secret_access_key=self.secret_key if self.secret_key != "" else None, - region_name=self.region, - ) - if self.role != "": + self.session = Session( + aws_access_key_id=self.access_key if self.access_key != "" else None, + aws_secret_access_key=self.secret_key if self.secret_key != "" else None, + region_name=self.region, + ) + # NOTE: The Session.set_credentials always creates a new Credentials object from the given keys. # NOTE: The DeferredRefreshableCredentials class is a child of RefreshableCredentials which is a # NOTE: child of the Credentials class. @@ -271,10 +271,18 @@ def open(self) -> bool: whoami = sts.get_caller_identity().get("Arn") self.logger.info(f"Using {whoami} to access the bucket") - self.client = self.session.client( - service_name="s3", - endpoint_url=self.url if self.url != "" else None, - ) + self.client = self.session.client( + service_name="s3", + endpoint_url=self.url if self.url != "" else None, + ) + else: + self.client = client( + service_name="s3", + endpoint_url=self.url if self.url != "" else None, + aws_access_key_id=self.access_key if self.access_key != "" else None, + aws_secret_access_key=self.secret_key if self.secret_key != "" else None, + region_name=self.region, + ) is_opened = False try: