Update CacheCredentialsProvider Refresh Time to 5 Minutes before Expi…

…ry (#247)
awslabs · Aug 23, 2024 · 877c029 · 877c029
1 parent 52bf591
commit 877c029
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 8 deletions.
diff --git a/source/credentials_provider_cached.c b/source/credentials_provider_cached.c
@@ -20,7 +20,7 @@ AWS_STATIC_STRING_FROM_LITERAL(s_credential_expiration_env_var, "AWS_CREDENTIAL_
 
 */
 
-#define REFRESH_CREDENTIALS_EARLY_DURATION_SECONDS 10
+#define REFRESH_CREDENTIALS_EARLY_DURATION_SECONDS 60 * 5 /* 5 minutes */
 
 struct aws_credentials_provider_cached {
     struct aws_credentials_provider *source;
@@ -120,6 +120,8 @@ static void s_cached_credentials_provider_get_credentials_async_callback(
                         AWS_TIMESTAMP_SECS,
                         AWS_TIMESTAMP_NANOS,
                         NULL);
+                } else {
+                    next_refresh_time_in_ns = high_res_now;
                 }
             }
         }

diff --git a/tests/credentials_provider_sts_tests.c b/tests/credentials_provider_sts_tests.c
@@ -2078,9 +2078,9 @@ static int s_credentials_provider_sts_cache_expiration_conflict(struct aws_alloc
         s_tester.mocked_requests[0].body.len);
 
     /* advance each time to a little before expiration, verify we get creds with the same expiration */
-    uint64_t eight_hundred_seconds_in_ns = aws_timestamp_convert(800, AWS_TIMESTAMP_SECS, AWS_TIMESTAMP_NANOS, NULL);
-    mock_aws_set_system_time(eight_hundred_seconds_in_ns);
-    mock_aws_set_high_res_time(HIGH_RES_BASE_TIME_NS + eight_hundred_seconds_in_ns);
+    uint64_t before_expiration_time = aws_timestamp_convert(599, AWS_TIMESTAMP_SECS, AWS_TIMESTAMP_NANOS, NULL);
+    mock_aws_set_system_time(before_expiration_time);
+    mock_aws_set_high_res_time(HIGH_RES_BASE_TIME_NS + before_expiration_time);
 
     s_cleanup_creds_callback_data();
 
@@ -2091,10 +2091,9 @@ static int s_credentials_provider_sts_cache_expiration_conflict(struct aws_alloc
     ASSERT_TRUE(aws_credentials_get_expiration_timepoint_seconds(s_tester.credentials) == 900);
 
     /* advance each time to after expiration but before cached provider timeout, verify we get new creds */
-    uint64_t nine_hundred_and_one_seconds_in_ns =
-        aws_timestamp_convert(901, AWS_TIMESTAMP_SECS, AWS_TIMESTAMP_NANOS, NULL);
-    mock_aws_set_system_time(nine_hundred_and_one_seconds_in_ns);
-    mock_aws_set_high_res_time(HIGH_RES_BASE_TIME_NS + nine_hundred_and_one_seconds_in_ns);
+    uint64_t after_expiration_time = aws_timestamp_convert(901, AWS_TIMESTAMP_SECS, AWS_TIMESTAMP_NANOS, NULL);
+    mock_aws_set_system_time(after_expiration_time);
+    mock_aws_set_high_res_time(HIGH_RES_BASE_TIME_NS + after_expiration_time);
 
     s_cleanup_creds_callback_data();