Skip to content

Commit 93d8358

Browse files
sbisciglsbiscigl
committed
use expired credentials from IMDS if none exist
1 parent 9f07797 commit 93d8358

File tree

2 files changed

+12
-1
lines changed

2 files changed

+12
-1
lines changed

src/aws-cpp-sdk-core/source/config/EC2InstanceProfileConfigLoader.cpp

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -79,7 +79,7 @@ namespace Aws
7979
auto credentialsView = credentialsDoc.View();
8080
DateTime expirationTime(credentialsView.GetString(expiration), Aws::Utils::DateFormat::ISO_8601);
8181
// re-use old credentials and not block if the IMDS call failed or if the latest credential is in the past
82-
if (expirationTime.WasParseSuccessful() && DateTime::Now() > expirationTime) {
82+
if (expirationTime.WasParseSuccessful() && DateTime::Now() > expirationTime && m_profiles.find(INSTANCE_PROFILE_KEY) != m_profiles.end()) {
8383
AWS_LOGSTREAM_ERROR(EC2_INSTANCE_PROFILE_LOG_TAG,
8484
"Expiration Time of Credentials in the past, refusing to update credentials");
8585
this->credentialsValidUntilMillis = DateTime::Now().Millis() + calculateRetryTime();

tests/aws-cpp-sdk-core-tests/aws/auth/AWSCredentialsProviderTest.cpp

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -428,6 +428,17 @@ TEST_F(InstanceProfileCredentialsProviderTest, TestEC2MetadataClientReturnsBadDa
428428
ASSERT_EQ("", provider.GetAWSCredentials().GetAWSSecretKey());
429429
}
430430

431+
TEST_F(InstanceProfileCredentialsProviderTest, TestUsesExpiredCredentialsIfNoneExist) {
432+
auto mockClient = Aws::MakeShared<MockEC2MetadataClient>(AllocationTag);
433+
434+
const char* validCredentials = R"({ "AccessKeyId": "goodAccessKey", "SecretAccessKey": "goodSecretKey", "Token": "goodToken", "Code": "Success", "Expiration": "1991-04-19T06:12:00Z" })";
435+
mockClient->SetMockedCredentialsValue(validCredentials);
436+
437+
InstanceProfileCredentialsProvider provider(Aws::MakeShared<Aws::Config::EC2InstanceProfileConfigLoader>(AllocationTag, mockClient), 10);
438+
ASSERT_EQ("goodAccessKey", provider.GetAWSCredentials().GetAWSAccessKeyId());
439+
ASSERT_EQ("goodSecretKey", provider.GetAWSCredentials().GetAWSSecretKey());
440+
}
441+
431442
static Aws::String WrapEchoStringWithSingleQuoteForUnixShell(Aws::String str)
432443
{
433444
#ifndef _WIN32

0 commit comments

Comments
 (0)