diff options
author | Morten Tokle <mortent@yahooinc.com> | 2023-11-21 11:29:29 +0100 |
---|---|---|
committer | Morten Tokle <mortent@yahooinc.com> | 2023-11-21 11:29:29 +0100 |
commit | bb1946dc2280798527e8cc781540453d2fd501b8 (patch) | |
tree | 0ecec03df447f2f17372144549d8fd0ca77d38ab /jdisc-cloud-aws | |
parent | 636e40c60c13d042039289e78e9e7cd9d9abf3c7 (diff) |
Refresh old credentials
Diffstat (limited to 'jdisc-cloud-aws')
2 files changed, 9 insertions, 1 deletions
diff --git a/jdisc-cloud-aws/src/main/java/com/yahoo/jdisc/cloud/aws/VespaAwsCredentialsProvider.java b/jdisc-cloud-aws/src/main/java/com/yahoo/jdisc/cloud/aws/VespaAwsCredentialsProvider.java index 6de8b5c0142..f307e903b19 100644 --- a/jdisc-cloud-aws/src/main/java/com/yahoo/jdisc/cloud/aws/VespaAwsCredentialsProvider.java +++ b/jdisc-cloud-aws/src/main/java/com/yahoo/jdisc/cloud/aws/VespaAwsCredentialsProvider.java @@ -43,7 +43,7 @@ public class VespaAwsCredentialsProvider implements AWSCredentialsProvider { @Override public AWSCredentials getCredentials() { Credentials sessionCredentials = credentials.get(); - if (Duration.between(clock.instant(), sessionCredentials.expiry).abs().compareTo(REFRESH_INTERVAL)<0) { + if (Duration.between(clock.instant(), sessionCredentials.expiry).compareTo(REFRESH_INTERVAL)<0) { refresh(); sessionCredentials = credentials.get(); } diff --git a/jdisc-cloud-aws/src/test/java/com/yahoo/jdisc/cloud/aws/VespaAwsCredentialsProviderTest.java b/jdisc-cloud-aws/src/test/java/com/yahoo/jdisc/cloud/aws/VespaAwsCredentialsProviderTest.java index 63cfd2f1eeb..889aa0f02c1 100644 --- a/jdisc-cloud-aws/src/test/java/com/yahoo/jdisc/cloud/aws/VespaAwsCredentialsProviderTest.java +++ b/jdisc-cloud-aws/src/test/java/com/yahoo/jdisc/cloud/aws/VespaAwsCredentialsProviderTest.java @@ -27,6 +27,7 @@ public class VespaAwsCredentialsProviderTest { Instant updatedExpiry = clock.instant().plus(Duration.ofHours(24)); writeCredentials(credentialsPath, updatedExpiry); + // File updated, but old credentials still valid credentials = credentialsProvider.getCredentials(); assertExpiryEquals(originalExpiry, credentials); @@ -35,6 +36,13 @@ public class VespaAwsCredentialsProviderTest { clock.advance(Duration.ofHours(11).plus(Duration.ofMinutes(31))); credentials = credentialsProvider.getCredentials(); assertExpiryEquals(updatedExpiry, credentials); + + // Credentials refreshes when they are long expired (since noone asked for them for a long time) + updatedExpiry = clock.instant().plus(Duration.ofDays(12)); + writeCredentials(credentialsPath, updatedExpiry); + clock.advance(Duration.ofDays(11)); + credentials = credentialsProvider.getCredentials(); + assertExpiryEquals(updatedExpiry, credentials); } @Test |