Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RefreshingAWSCredentials ShouldUpdateState() call to IsExpiredWithin() uses TimeSpan.Zero instead of PreemptExpiryTime #3613

Open
1 task
StevenKehrli opened this issue Jan 18, 2025 · 1 comment
Open
1 task

RefreshingAWSCredentials ShouldUpdateState() call to IsExpiredWithin() uses TimeSpan.Zero instead of PreemptExpiryTime #3613

StevenKehrli opened this issue Jan 18, 2025 · 1 comment
Labels
bug This issue is a bug. credentials needs-review p2 This is a standard priority issue s Effort estimation: small

Comments

@StevenKehrli
Copy link

Describe the bug

Found in commit 17334e8

RefreshingAWSCredentials calls ShouldUpdateState() on multiple paths (GetCredentials(), GetCredentialsAsync(), and UpdateToGeneratedCredentials() methods; ShouldUpdate property) with the PreemptyExpiryTime property.

However, the ShouldUpdateState() method ignores the value of the preemptExpiryTime parameter and uses TimeSpan.Zero instead. This means we will not try to update the credentials until they have already expired. (In the case of AssumeRoleAWSCredentials, the PreemptExpiryTime is 15 minutes; so 15 minutes before the expiration time.)

aws-sdk-net/sdk/src/Core/Amazon.Runtime/Credentials/RefreshingAWSCredentials.cs

Line 240 in 17334e8

var isExpired = state?.IsExpiredWithin(TimeSpan.Zero);

Regression Issue

  • Select this option if this issue appears to be a regression.

Expected Behavior

ShouldUpdateState() uses its preemptExpiryTIme parameter, so credentials are updated before they are expired.

Current Behavior

ShouldUpdateState() effectively ignored the preemptyExpiryTime, so credentials are not updated until already expired.

Reproduction Steps

Read the description.

Possible Solution

Change the below line to use the preemptExpiryTime parameter instead of TimeSpan.Zero.

Additional Information/Context

No response

AWS .NET SDK and/or Package version used

AWSSDK.Core 3.7.401.2

Targeted .NET Platform

not relevant - but .NET 9

Operating System and version

not relevant - but macOS Sequoia 15.2
@StevenKehrli StevenKehrli added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Jan 18, 2025
@StevenKehrli StevenKehrli changed the title RefreshingAWSCredentials ShouldUpdateState() call to IsExpiredWithin() uses TimeSpan instead of PreemptExpiryTime RefreshingAWSCredentials ShouldUpdateState() call to IsExpiredWithin() uses TimeSpan.Zero instead of PreemptExpiryTime Jan 18, 2025
@ashishdhingra ashishdhingra added investigating This issue is being investigated and/or work is in progress to resolve the issue. credentials p2 This is a standard priority issue and removed needs-triage This issue or PR still needs to be triaged. labels Jan 21, 2025
@ashishdhingra ashishdhingra self-assigned this Jan 21, 2025
@ashishdhingra
Copy link
Contributor

@StevenKehrli Good morning. Thanks for opening the issue. I'm unsure what you found in commit 17334e8 which is related to the issue, but looking at code for ShouldUpdateState(CredentialsRefreshState state, TimeSpan preemptExpiryTime) doesn't appear to make use of preemptExpiryTime parameter. This method was added as part of refactoring done in commit 4c8d84b back in 2019. This needs review with the team on why preemptExpiryTime parameter is not used, it could be a miss.

@ashishdhingra ashishdhingra added s Effort estimation: small needs-review and removed investigating This issue is being investigated and/or work is in progress to resolve the issue. labels Jan 21, 2025
@ashishdhingra ashishdhingra removed their assignment Jan 21, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug This issue is a bug. credentials needs-review p2 This is a standard priority issue s Effort estimation: small
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@StevenKehrli @ashishdhingra