s3: workaround on-reload memleak when no role is set

AxoSyslog leaks an amount of memory every time it's reloaded if an s3 destination is configured. As a quick workaround we partially revert the patch introducing the use of `boto3.Session` when no `role()` is set. Signed-off-by: Mate Ory <[email protected]>
axoflow · Oct 1, 2024 · 8215551 · 8215551
1 parent fd5dfb1
commit 8215551
Showing 1 changed file with 18 additions and 10 deletions.
diff --git a/modules/python-modules/syslogng/modules/s3/s3_destination.py b/modules/python-modules/syslogng/modules/s3/s3_destination.py
@@ -249,13 +249,13 @@ def open(self) -> bool:
         if self.is_opened():
             return True
 
-        self.session = Session(
-            aws_access_key_id=self.access_key if self.access_key != "" else None,
-            aws_secret_access_key=self.secret_key if self.secret_key != "" else None,
-            region_name=self.region,
-        )
-
         if self.role != "":
+            self.session = Session(
+                aws_access_key_id=self.access_key if self.access_key != "" else None,
+                aws_secret_access_key=self.secret_key if self.secret_key != "" else None,
+                region_name=self.region,
+            )
+
             # NOTE: The Session.set_credentials always creates a new Credentials object from the given keys.
             # NOTE: The DeferredRefreshableCredentials class is a child of RefreshableCredentials which is a
             # NOTE: child of the Credentials class.
@@ -271,10 +271,18 @@ def open(self) -> bool:
             whoami = sts.get_caller_identity().get("Arn")
             self.logger.info(f"Using {whoami} to access the bucket")
 
-        self.client = self.session.client(
-            service_name="s3",
-            endpoint_url=self.url if self.url != "" else None,
-        )
+            self.client = self.session.client(
+                service_name="s3",
+                endpoint_url=self.url if self.url != "" else None,
+            )
+        else:
+            self.client = client(
+                service_name="s3",
+                endpoint_url=self.url if self.url != "" else None,
+                aws_access_key_id=self.access_key if self.access_key != "" else None,
+                aws_secret_access_key=self.secret_key if self.secret_key != "" else None,
+                region_name=self.region,
+            )
 
         is_opened = False
         try: