
Commit 4c38871

committed
Fix sts web identity provider not respecting prefetch time and stale time
1 parent 2417a30 commit 4c38871

2 files changed

Lines changed: 76 additions & 4 deletions


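--- a/services/sts/src/main/java/software/amazon/awssdk/services/sts/auth/StsWebIdentityTokenFileCredentialsProvider.java
+++ b/services/sts/src/main/java/software/amazon/awssdk/services/sts/auth/StsWebIdentityTokenFileCredentialsProvider.java
@@ -106,11 +106,16 @@ private StsWebIdentityTokenFileCredentialsProvider(Builder builder) {
 .assumeRoleWithWebIdentityRequest(assumeRoleWithWebIdentityRequest.get())
 .webIdentityTokenFile(credentialProperties.webIdentityTokenFile())
 .build();
-credentialsProviderLocal =
+
+StsAssumeRoleWithWebIdentityCredentialsProvider.Builder internalBuilder =
 StsAssumeRoleWithWebIdentityCredentialsProvider.builder()
 .stsClient(builder.stsClient)
-.refreshRequest(supplier)
-.build();
+.refreshRequest(supplier);
+
+internalBuilder.staleTime(this.staleTime())
+.prefetchTime(this.prefetchTime());
+
+credentialsProviderLocal = internalBuilder.build();
 } catch (RuntimeException e) {
 // If we couldn't load the credentials provider for some reason, save an exception describing why. This exception
 // will only be raised on calls to getCredentials. We don't want to raise an exception here because it may be
@@ -181,7 +186,7 @@ private Builder() {
 }
 
 private Builder(StsWebIdentityTokenFileCredentialsProvider provider) {
-super(StsWebIdentityTokenFileCredentialsProvider::new);
+super(StsWebIdentityTokenFileCredentialsProvider::new, provider);
 this.roleArn = provider.roleArn;
 this.roleSessionName = provider.roleSessionName;
 this.webIdentityTokenFile = provider.webIdentityTokenFile;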
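Review bot: The new `internalBuilder.staleTime(this.staleTime()).prefetchTime(this.prefetchTime())` call sits inside the `try` whose `catch (RuntimeException e)` saves the failure for later, so if the delegate builder rejects a duration (its validation is not visible here) a bad refresh window would only surface on the first credential resolution instead of at `build()`. These two values decide how long session credentials are served before STS is asked again, so consider checking them before the `try`, or at least documenting the forwarding with `// Forward the configured refresh windows; the delegate presumably falls back to its own defaults otherwise.` The separate `internalBuilder` statement is not needed, since both setters can stay in the original chain ahead of `.build()`. The constructor starts and ends outside this hunk.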

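--- a/services/sts/src/test/java/software/amazon/awssdk/services/sts/auth/StsWebIdentityTokenCredentialProviderTest.java
+++ b/services/sts/src/test/java/software/amazon/awssdk/services/sts/auth/StsWebIdentityTokenCredentialProviderTest.java
@@ -30,10 +30,12 @@
 import software.amazon.awssdk.services.sts.model.Credentials;
 
 import java.nio.file.Paths;
+import java.time.Duration;
 import java.time.Instant;
 import software.amazon.awssdk.testutils.EnvironmentVariableHelper;
 
 import static org.mockito.Mockito.when;
+import static org.assertj.core.api.Assertions.assertThat;
 
 @ExtendWith(MockitoExtension.class)
 class StsWebIdentityTokenCredentialProviderTest {
@@ -57,6 +59,18 @@ public void cleanUp(){
 ENVIRONMENT_VARIABLE_HELPER.reset();
 }
 
+private void mockStsClientResponse(Instant expiration) {
+when(stsClient.assumeRoleWithWebIdentity(Mockito.any(AssumeRoleWithWebIdentityRequest.class)))
+.thenReturn(AssumeRoleWithWebIdentityResponse.builder()
+.credentials(Credentials.builder()
+.accessKeyId("key")
+.expiration(expiration)
+.sessionToken("session")
+.secretAccessKey("secret")
+.build())
+.build());
+}
+
 @Test
 void createAssumeRoleWithWebIdentityTokenCredentialsProviderWithoutStsClient_throws_Exception() {
 
@@ -111,4 +125,57 @@ void createAssumeRoleWithWebIdentityTokenCredentialsProvider_raisesInResolveCred
 // exception should be raised lazily when resolving credentials, not at creation time.
 Assert.assertThrows(IllegalStateException.class, provider::resolveCredentials);
 }
+
+@Test
+void prefetchTimeAndStaleTime_withCustomConfiguration_shouldReturnConfiguredValues() {
+mockStsClientResponse(Instant.now().plusSeconds(3600));
+
+StsWebIdentityTokenFileCredentialsProvider provider =
+StsWebIdentityTokenFileCredentialsProvider.builder()
+.stsClient(stsClient)
+.prefetchTime(Duration.ofMinutes(10))
+.staleTime(Duration.ofMinutes(2))
+.build();
+
+provider.resolveCredentials();
+
+assertThat(provider.prefetchTime()).isEqualTo(Duration.ofMinutes(10));
+assertThat(provider.staleTime()).isEqualTo(Duration.ofMinutes(2));
+
+}
+
+@Test
+void prefetchTimeAndStaleTime_withoutConfiguration_shouldReturnDefaultValues() {
+mockStsClientResponse(Instant.now().plusSeconds(3600));
+
+StsWebIdentityTokenFileCredentialsProvider provider =
+StsWebIdentityTokenFileCredentialsProvider.builder()
+.stsClient(stsClient)
+.build();
+
+
+provider.resolveCredentials();
+
+assertThat(provider.prefetchTime()).isEqualTo(Duration.ofMinutes(5));
+assertThat(provider.staleTime()).isEqualTo(Duration.ofMinutes(1));
+}
+
+@Test
+void toBuilder_withTimingConfiguration_shouldPreserveConfiguration() {
+mockStsClientResponse(Instant.now().plusSeconds(3600));
+StsWebIdentityTokenFileCredentialsProvider originalProvider =
+StsWebIdentityTokenFileCredentialsProvider.builder()
+.stsClient(stsClient)
+.prefetchTime(Duration.ofMinutes(8))
+.staleTime(Duration.ofMinutes(3))
+.build();
+
+
+StsWebIdentityTokenFileCredentialsProvider copiedProvider = originalProvider.toBuilder().build();
+
+copiedProvider.resolveCredentials();
+
+assertThat(copiedProvider.prefetchTime()).isEqualTo(Duration.ofMinutes(8));
+assertThat(copiedProvider.staleTime()).isEqualTo(Duration.ofMinutes(3));
+}
 }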
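Review bot: The two `prefetchTimeAndStaleTime_*` tests assert only `provider.prefetchTime()` and `provider.staleTime()`, which are getters on the outer provider and would presumably return the same values without the production change, so they do not show that the delegate built in the constructor now refreshes on those windows. A test that pins the fix would return credentials whose `expiration` falls inside the configured stale or prefetch window and then use `Mockito.verify(stsClient, ...)` to check how often `assumeRoleWithWebIdentity` is called across repeated `resolveCredentials()` calls. `toBuilder_withTimingConfiguration_shouldPreserveConfiguration` does exercise the `super(..., provider)` change. The fixed `Instant.now().plusSeconds(3600)` expiration keeps every case far from either window, so the refresh path is never reached.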
