Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(credential-provider-ini): add ignoreCache option #6856

Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

feat(credential-provider-ini): add ignoreCache option #6856

wants to merge 6 commits into from
+94 −0

Conversation

siddsriv
Copy link
Contributor

@siddsriv siddsriv commented Jan 30, 2025
edited
Loading

Issue

#3396

Description

Exposes the ignoreCache option for fromIni credential provider.

To note, if you run a test script using the fromIni credential provider (loading credentials from the ~/.aws/credentials file) separately each time, the Node.js process starts fresh each time, so there's no cached state between runs. But, if you modify the credentials file within the same running process, we can see the caching in effect - the credentials wouldn't update even after waiting for a while.

The exposed option ignoreCache will allow uncached/refreshed credentials from the credentials file to be used, even if the credentials file is modified within the same running process.

Testing

credential-provider-ini package updated tests

✓ src/fromIni.spec.ts (7)
 ✓ src/resolveAssumeRoleCredentials.spec.ts (23)
 ✓ src/resolveCredentialSource.spec.ts (4)
 ✓ src/resolveProcessCredentials.spec.ts (14)
 ✓ src/resolveProfileData.spec.ts (7)
 ✓ src/resolveSsoCredentials.spec.ts (9)
 ✓ src/resolveStaticCredentials.spec.ts (16)
 ✓ src/resolveWebIdentityCredentials.spec.ts (16)

 Test Files  8 passed (8)
      Tests  96 passed (96)
.
.

Additional context

Short test script to see this option in action:

import { fromIni } from "@aws-sdk/credential-provider-ini";
import { writeFileSync } from "fs";
import { homedir } from "os";
import { resolve } from "path";

const AWS_CREDENTIALS = resolve(`${homedir}/.aws/credentials`);

const getCredentials = async (ignoreCache = false) => {
  const credentials = await fromIni({ ignoreCache })();
  console.log(new Date().toISOString(), credentials);
};

// Test with caching (default behavior)
console.log("With caching:");
await getCredentials(false);

// Modify credentials file
const newCredentials = `
[default]
aws_access_key_id = hello
aws_secret_access_key = hi
`;

console.log("\nModifying credentials file...");
writeFileSync(AWS_CREDENTIALS, newCredentials);

// Test immediate read with caching
console.log("\nImmediate read with caching:");
await getCredentials(false);

// Test immediate read without caching
console.log("\nImmediate read without caching:");
await getCredentials(true);

Output:

% node creds-uncached.mjs
With caching:
2025-01-30T18:29:05.766Z {
  accessKeyId: 'foo',
  secretAccessKey: 'bar',
  sessionToken: undefined,
  '$source': { CREDENTIALS_PROFILE: 'n' }
}

Modifying credentials file...

Immediate read with caching:
2025-01-30T18:29:05.768Z {
  accessKeyId: 'foo',
  secretAccessKey: 'bar',
  sessionToken: undefined,
  '$source': { CREDENTIALS_PROFILE: 'n' }
}

Immediate read without caching:
2025-01-30T18:29:05.768Z {
  accessKeyId: 'hello',
  secretAccessKey: 'hi',
  sessionToken: undefined,
  '$source': { CREDENTIALS_PROFILE: 'n' }
}

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@siddsriv siddsriv requested a review from a team as a code owner January 30, 2025 18:28
kuhe
kuhe reviewed Jan 30, 2025
View reviewed changes
supplemental-docs/CLIENTS.md Outdated Show resolved Hide resolved
supplemental-docs/CLIENTS.md Outdated Show resolved Hide resolved
supplemental-docs/CLIENTS.md Outdated Show resolved Hide resolved
supplemental-docs/CLIENTS.md
credentials: fromTemporaryCredentials({
// your temporary credentials config
}),
});
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why is this preferred?

Copy link
Contributor Author

@siddsriv siddsriv Jan 30, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

no need to have the .ini file at all in that case (no filesystem operations), credentials obtained from STS directly

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kuhe kuhe kuhe approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@siddsriv @kuhe