Skip to content

Commit

Permalink
Clear monotonic clock when setting credential expiration values. (#3573)
Browse files Browse the repository at this point in the history
  • Loading branch information
skmcgrail authored Oct 7, 2020
1 parent e2a8f5a commit d9321b0
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 1 deletion.
4 changes: 3 additions & 1 deletion aws/credentials/credentials.go
Original file line number Diff line number Diff line change
Expand Up @@ -173,7 +173,9 @@ type Expiry struct {
// the expiration time given to ensure no requests are made with expired
// tokens.
func (e *Expiry) SetExpiration(expiration time.Time, window time.Duration) {
e.expiration = expiration
// Passed in expirations should have the monotonic clock values stripped.
// This ensures time comparisons will be based on wall-time.
e.expiration = expiration.Round(0)
if window > 0 {
e.expiration = e.expiration.Add(-window)
}
Expand Down
1 change: 1 addition & 0 deletions aws/ec2metadata/token_provider.go
Original file line number Diff line number Diff line change
Expand Up @@ -87,6 +87,7 @@ func (t *tokenProvider) enableTokenProviderHandler(r *request.Request) {
// If the error code status is 401, we enable the token provider
if e, ok := r.Error.(awserr.RequestFailure); ok && e != nil &&
e.StatusCode() == http.StatusUnauthorized {
t.token.Store(ec2Token{})
atomic.StoreUint32(&t.disabled, 0)
}
}

0 comments on commit d9321b0

Please sign in to comment.