You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The implementation of AutoRefreshingProvider will cache an error forever, and this behaviour is causing us some problems using the library in production.
// no result from the future yet, let's keep using it
None => {
let res = self.credentials_provider.credentials().await;
*guard = Some(res);
}
Some(Err(e)) => returnErr(e.clone()),
Some(Ok(creds)) => {
if creds.credentials_are_expired(){
*guard = None;
}else{
returnOk(creds.clone());
};
}
}
}
}
}
I think there are a couple potential solutions to this:
Treat the Some(Err(e)) => return Err(e.clone()), match arm the same way expired credentials are treated and set the guard to None and loop again. This means it'll keep trying in the face of errors, so probably needs some sort of backoff / give-up mechanism.
Cache failures for a defined length, probably shorter than the success cache length.
If you agree that this behaviour needs changing and you let me know which approach you prefer, I'd be happy to contribute a PR. 🙂
If this is working as intended I would be keen to hear what workarounds you suggest. The behaviour we seem to be seeing is that sometimes requesting the current role from the instance profile in EC2 will fail, and that failure gets cached forever, causing our binary to get stuck in a non-functional state.
The text was updated successfully, but these errors were encountered:
Not off the top of my head. Our goal is to match the behaviors of other AWS SDKs when it comes to fundamentals like credentials, request signing, retries, etc., so your best reference is probably botocore.
The implementation of
AutoRefreshingProvider
will cache an error forever, and this behaviour is causing us some problems using the library in production.Code in question:
rusoto/rusoto/credential/src/lib.rs
Lines 274 to 298 in 69e7c91
I think there are a couple potential solutions to this:
Some(Err(e)) => return Err(e.clone()),
match arm the same way expired credentials are treated and set the guard to None and loop again. This means it'll keep trying in the face of errors, so probably needs some sort of backoff / give-up mechanism.If you agree that this behaviour needs changing and you let me know which approach you prefer, I'd be happy to contribute a PR. 🙂
If this is working as intended I would be keen to hear what workarounds you suggest. The behaviour we seem to be seeing is that sometimes requesting the current role from the instance profile in EC2 will fail, and that failure gets cached forever, causing our binary to get stuck in a non-functional state.
The text was updated successfully, but these errors were encountered: