Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(credential-provider-ini): add ignoreCache option #6856

Merged
merged 6 commits into from
Feb 3, 2025
Merged

feat(credential-provider-ini): add ignoreCache option #6856

merged 6 commits into from
Feb 3, 2025

Conversation

siddsriv
Copy link
Contributor

@siddsriv siddsriv commented Jan 30, 2025
edited
Loading

Issue

#3396

Description

Exposes the ignoreCache option for fromIni credential provider.

To note, if you run a test script using the fromIni credential provider (loading credentials from the ~/.aws/credentials file) separately each time, the Node.js process starts fresh each time, so there's no cached state between runs. But, if you modify the credentials file within the same running process, we can see the caching in effect - the credentials wouldn't update even after waiting for a while.

The exposed option ignoreCache will allow uncached/refreshed credentials from the credentials file to be used, even if the credentials file is modified within the same running process.

Testing

credential-provider-ini package updated tests

✓ src/fromIni.spec.ts (7)
 ✓ src/resolveAssumeRoleCredentials.spec.ts (23)
 ✓ src/resolveCredentialSource.spec.ts (4)
 ✓ src/resolveProcessCredentials.spec.ts (14)
 ✓ src/resolveProfileData.spec.ts (7)
 ✓ src/resolveSsoCredentials.spec.ts (9)
 ✓ src/resolveStaticCredentials.spec.ts (16)
 ✓ src/resolveWebIdentityCredentials.spec.ts (16)

 Test Files  8 passed (8)
      Tests  96 passed (96)
.
.

Additional context

Short test script to see this option in action:

import { fromIni } from "@aws-sdk/credential-provider-ini";
import { writeFileSync } from "fs";
import { homedir } from "os";
import { resolve } from "path";

const AWS_CREDENTIALS = resolve(`${homedir}/.aws/credentials`);

const getCredentials = async (ignoreCache = false) => {
  const credentials = await fromIni({ ignoreCache })();
  console.log(new Date().toISOString(), credentials);
};

// Test with caching (default behavior)
console.log("With caching:");
await getCredentials(false);

// Modify credentials file
const newCredentials = `
[default]
aws_access_key_id = hello
aws_secret_access_key = hi
`;

console.log("\nModifying credentials file...");
writeFileSync(AWS_CREDENTIALS, newCredentials);

// Test immediate read with caching
console.log("\nImmediate read with caching:");
await getCredentials(false);

// Test immediate read without caching
console.log("\nImmediate read without caching:");
await getCredentials(true);

Output:

% node creds-uncached.mjs
With caching:
2025-01-30T18:29:05.766Z {
  accessKeyId: 'foo',
  secretAccessKey: 'bar',
  sessionToken: undefined,
  '$source': { CREDENTIALS_PROFILE: 'n' }
}

Modifying credentials file...

Immediate read with caching:
2025-01-30T18:29:05.768Z {
  accessKeyId: 'foo',
  secretAccessKey: 'bar',
  sessionToken: undefined,
  '$source': { CREDENTIALS_PROFILE: 'n' }
}

Immediate read without caching:
2025-01-30T18:29:05.768Z {
  accessKeyId: 'hello',
  secretAccessKey: 'hi',
  sessionToken: undefined,
  '$source': { CREDENTIALS_PROFILE: 'n' }
}

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@siddsriv siddsriv requested a review from a team as a code owner January 30, 2025 18:28
kuhe
kuhe reviewed Jan 30, 2025
View reviewed changes
supplemental-docs/CLIENTS.md
credentials: fromTemporaryCredentials({
// your temporary credentials config
}),
});
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why is this preferred?

Copy link
Contributor Author

@siddsriv siddsriv Jan 30, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

no need to have the .ini file at all in that case (no filesystem operations), credentials obtained from STS directly

@kuhe kuhe merged commit 11f3c3c into aws:main Feb 3, 2025
4 checks passed
@siddsriv siddsriv deleted the creds-uncached branch February 3, 2025 18:15
@siddsriv siddsriv mentioned this pull request Feb 3, 2025
Closed
@smilkuri smilkuri mentioned this pull request Feb 4, 2025
Draft
@github-actions GitHub Actions
Copy link

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs and link to relevant comments in this thread.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 18, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@kuhe kuhe kuhe approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@siddsriv @kuhe