Skip to content

Fix StsWebIdentityTokenFileCredentialsProvider not respecting prefetchTime and staleTime configuration #6650

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
S-Saranya1 wants to merge 5 commits into
base: master
Choose a base branch
from
Open

Fix StsWebIdentityTokenFileCredentialsProvider not respecting prefetchTime and staleTime configuration #6650

S-Saranya1 wants to merge 5 commits into from
+126 −1

Conversation

@S-Saranya1
Copy link
Contributor

@S-Saranya1 S-Saranya1 commented Dec 30, 2025
edited
Loading

Motivation and Context

Fixes GitHub issue #6185 where StsWebIdentityTokenFileCredentialsProvider ignores custom prefetchTime and staleTime configurations.

Modifications

  • Fixed constructor in StsWebIdentityTokenFileCredentialsProvider to pass timing configurations (staleTime, prefetchTime, asyncCredentialUpdateEnabled) to internal StsAssumeRoleWithWebIdentityCredentialsProvider
  • Fixed to properly copy base configuration using super(constructor, provider)
  • Added public asyncCredentialUpdateEnabled() getter method

Testing

Added unit tests to validate custom configurations controls actual refresh behavior.

Screenshots (if appropriate)

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)

Checklist

  • I have read the CONTRIBUTING document
  • Local run of mvn install succeeds
  • My code follows the code style of this project
  • My change requires a change to the Javadoc documentation
  • I have updated the Javadoc documentation accordingly
  • I have added tests to cover my changes
  • All new and existing tests passed
  • I have added a changelog entry. Adding a new entry must be accomplished by running the scripts/new-change script and following the instructions. Commit the new file created by the script in .changes/next-release with your changes.
  • My change is to implement 1.11 parity feature and I have updated LaunchChangelog

License

  • I confirm that this pull request can be released under the Apache 2 license

@S-Saranya1 S-Saranya1 requested a review from a team as a code owner December 30, 2025 18:39
@S-Saranya1 S-Saranya1 changed the title Fix sts web identity provider not respecting prefetch time and stale … Fix sts web identity provider not respecting prefetch time and stale time Dec 30, 2025
@S-Saranya1 S-Saranya1 changed the title Fix sts web identity provider not respecting prefetch time and stale time Fix STS web identity provider not respecting prefetch time and stale time Dec 30, 2025
@S-Saranya1 S-Saranya1 changed the title Fix STS web identity provider not respecting prefetch time and stale time Fix StsWebIdentityTokenFileCredentialsProvider not respecting prefetchTime and staleTime configuration Dec 31, 2025
davidh44
davidh44 reviewed Dec 31, 2025
View reviewed changes
...ava/software/amazon/awssdk/services/sts/auth/StsWebIdentityTokenFileCredentialsProvider.java Outdated
Comment on lines 109 to 119
credentialsProviderLocal =

StsAssumeRoleWithWebIdentityCredentialsProvider.Builder internalBuilder =
StsAssumeRoleWithWebIdentityCredentialsProvider.builder()
.stsClient(builder.stsClient)
.refreshRequest(supplier)
.build();
.refreshRequest(supplier);

internalBuilder.staleTime(this.staleTime())
.prefetchTime(this.prefetchTime())
.asyncCredentialUpdateEnabled(this.asyncCredentialUpdateEnabled());

credentialsProviderLocal = internalBuilder.build();
Copy link
Contributor

@davidh44 davidh44 Dec 31, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Any reason we need internalBuilder? Can we set the fields directly?

Copy link
Contributor Author

@S-Saranya1 S-Saranya1 Dec 31, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm no reason, yeah modified it to set the fields directly.

services/sts/src/main/java/software/amazon/awssdk/services/sts/auth/StsCredentialsProvider.java
@@ -131,6 +131,13 @@ public Duration prefetchTime() {
return prefetchTime;
}

/**
* Whether the provider should fetch credentials asynchronously in the background.
Copy link
Contributor

@davidh44 davidh44 Dec 31, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we specify the default value is false here too?

Copy link
Contributor Author

@S-Saranya1 S-Saranya1 Dec 31, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure, updated.

@sonarqubecloud
Copy link

sonarqubecloud bot commented Dec 31, 2025

Quality Gate Passed Quality Gate passed

Issues
3 New issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@davidh44 davidh44 davidh44 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@S-Saranya1 @davidh44