Update credentials.go (#1841)

* Update credentials.go * Add test case for coverage * Add changelog description Co-authored-by: Sean McGrail <mcgrails@amazon.com>
aws · Sep 12, 2022 · b011f04 · b011f04
1 parent 018b8c3
commit b011f04
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 2 deletions.
diff --git a/.changelog/363e17c617154bf4b6f4f27355dce260.json b/.changelog/363e17c617154bf4b6f4f27355dce260.json
@@ -0,0 +1,8 @@
+{
+    "id": "363e17c6-1715-4bf4-b6f4-f27355dce260",
+    "type": "bugfix",
+    "description": "Fixes an issues where an error from an underlying SigV4 credential provider would not be surfaced from the SigV4a credential provider. Contribution by [sakthipriyan-aqfer](https://github.com/sakthipriyan-aqfer).",
+    "modules": [
+        "internal/v4a"
+    ]
+}
diff --git a/internal/v4a/credentials.go b/internal/v4a/credentials.go
@@ -51,7 +51,7 @@ type SymmetricCredentialAdaptor struct {
 func (s *SymmetricCredentialAdaptor) Retrieve(ctx context.Context) (aws.Credentials, error) {
 	symCreds, err := s.retrieveFromSymmetricProvider(ctx)
 	if err != nil {
-		return aws.Credentials{}, nil
+		return aws.Credentials{}, err
 	}
 
 	if asymCreds := s.getCreds(); asymCreds == nil {

diff --git a/internal/v4a/credentials_test.go b/internal/v4a/credentials_test.go
@@ -9,9 +9,15 @@ import (
 
 type rotatingCredsProvider struct {
 	count int
+	fail  chan struct{}
 }
 
 func (r *rotatingCredsProvider) Retrieve(ctx context.Context) (aws.Credentials, error) {
+	select {
+	case <-r.fail:
+		return aws.Credentials{}, fmt.Errorf("rotatingCredsProvider error")
+	default:
+	}
 	credentials := aws.Credentials{
 		AccessKeyID:     fmt.Sprintf("ACCESS_KEY_ID_%d", r.count),
 		SecretAccessKey: fmt.Sprintf("SECRET_ACCESS_KEY_%d", r.count),
@@ -21,7 +27,10 @@ func (r *rotatingCredsProvider) Retrieve(ctx context.Context) (aws.Credentials,
 }
 
 func TestSymmetricCredentialAdaptor(t *testing.T) {
-	provider := &rotatingCredsProvider{}
+	provider := &rotatingCredsProvider{
+		count: 0,
+		fail:  make(chan struct{}),
+	}
 
 	adaptor := &SymmetricCredentialAdaptor{SymmetricProvider: provider}
 
@@ -58,4 +67,10 @@ func TestSymmetricCredentialAdaptor(t *testing.T) {
 	if load := adaptor.asymmetric.Load(); load.(*Credentials) != nil {
 		t.Errorf("expect asymmetric credentials to be nil")
 	}
+
+	close(provider.fail) // All requests to the original provider will now fail from this point-on.
+	_, err := adaptor.Retrieve(context.Background())
+	if err == nil {
+		t.Error("expect error, got nil")
+	}
 }