About the cache time for each credentials

[wd]

According to the code here

kiam/pkg/aws/sts/cache.go

Line 141 in c95cb84

c.cache.Set(identity.String(), f, c.cacheTTL)

The cache time will be set to sessionDuration - sessionRefresh , codes here

kiam/pkg/aws/sts/cache.go

Line 57 in c95cb84

cacheTTL: sessionDuration - sessionRefresh,

But when Kiam request a new credential, it will issue the request with the time sessionDuration

kiam/pkg/aws/sts/cache.go

Line 122 in c95cb84

SessionDuration: c.sessionDuration,

In our environments, the sessionDuration is 15m, and the sessionRefresh is 5m. So If I understand correctly, the cache will expire after 10m. And after 10m, when an agent requests the credentials, the server will send an issue request to AWS synchronously, even the previous session is still valid?

If so, I think it's should be better if set the cacheTTL to sessionDuration. When an agent request credential , the server can return the cached value first, and send an issue request asynchronously to refresh it when the cache TTL is less than sessionRefresh?

[wd]

Oh, I missed the DefaultPurgeInterval setting when creating the cache.