-
Notifications
You must be signed in to change notification settings - Fork 1.2k
/
refreshing_credentials.rb
96 lines (81 loc) · 2.65 KB
/
refreshing_credentials.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
# frozen_string_literal: true
module Aws
# Base class used credential classes that can be refreshed. This
# provides basic refresh logic in a thread-safe manner. Classes mixing in
# this module are expected to implement a #refresh method that populates
# the following instance variables:
#
# * `@access_key_id`
# * `@secret_access_key`
# * `@session_token`
# * `@expiration`
#
# @api private
module RefreshingCredentials
SYNC_EXPIRATION_LENGTH = 300 # 5 minutes
ASYNC_EXPIRATION_LENGTH = 600 # 10 minutes
CLIENT_EXCLUDE_OPTIONS = Set.new([:before_refresh]).freeze
def initialize(options = {})
@mutex = Mutex.new
@before_refresh = options.delete(:before_refresh) if Hash === options
@before_refresh.call(self) if @before_refresh
refresh
end
# @return [Credentials]
def credentials
refresh_if_near_expiration!
@credentials
end
# Refresh credentials.
# @return [void]
def refresh!
@mutex.synchronize do
@before_refresh.call(self) if @before_refresh
refresh
end
end
private
def sync_expiration_length
self.class::SYNC_EXPIRATION_LENGTH
end
def async_expiration_length
self.class::ASYNC_EXPIRATION_LENGTH
end
# Refreshes credentials asynchronously and synchronously.
# If we are near to expiration, block while getting new credentials.
# Otherwise, if we're approaching expiration, use the existing credentials
# but attempt a refresh in the background.
def refresh_if_near_expiration!
# Note: This check is an optimization. Rather than acquire the mutex on every #refresh_if_near_expiration
# call, we check before doing so, and then we check within the mutex to avoid a race condition.
# See issue: https://github.com/aws/aws-sdk-ruby/issues/2641 for more info.
if near_expiration?(sync_expiration_length)
@mutex.synchronize do
if near_expiration?(sync_expiration_length)
@before_refresh.call(self) if @before_refresh
refresh
end
end
elsif @async_refresh && near_expiration?(async_expiration_length)
unless @mutex.locked?
Thread.new do
@mutex.synchronize do
if near_expiration?(async_expiration_length)
@before_refresh.call(self) if @before_refresh
refresh
end
end
end
end
end
end
def near_expiration?(expiration_length)
if @expiration
# Are we within expiration?
(Time.now.to_i + expiration_length) > @expiration.to_i
else
true
end
end
end
end