From 668b909488def37215dac6872b1bd2b742e7706b Mon Sep 17 00:00:00 2001
From: Patrick Rogers
Date: Thu, 6 Oct 2022 19:14:48 -0700
Subject: [PATCH 1/3] fix: refresh credentials if expired
Signed-off-by: Patrick Rogers
---
 pkg/roundtripper/roundtripper.go | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
diff --git a/pkg/roundtripper/roundtripper.go b/pkg/roundtripper/roundtripper.go
index 824b77ed..64993bbe 100644
--- a/pkg/roundtripper/roundtripper.go
+++ b/pkg/roundtripper/roundtripper.go
@@ -36,6 +36,7 @@ const (
 type AWSSigningTransport struct {
 t http.RoundTripper
+ cfg aws.Config
 creds aws.Credentials
 region string
 log log.Logger
@@ -57,12 +58,15 @@ func NewAWSSigningTransport(transport http.RoundTripper, region string, log log.
 return &AWSSigningTransport{
 t: transport,
 region: region,
+ cfg: cfg,
 creds: creds,
 log: log,
 }, err
 }
 func (a *AWSSigningTransport) RoundTrip(req *http.Request) (*http.Response, error) {
+ a.refreshCredentialsIfNeeded()
+
 signer := v4.NewSigner()
 payloadHash, newReader, err := hashPayload(req.Body)
 if err != nil {
@@ -78,6 +82,21 @@ func (a *AWSSigningTransport) RoundTrip(req *http.Request) (*http.Response, erro
 return a.t.RoundTrip(req)
 }
+func (a *AWSSigningTransport) refreshCredentialsIfNeeded() error {
+ if a.creds.Expired() {
+ creds, err := a.cfg.Credentials.Retrieve(context.Background())
+
+ if err != nil {
+ _ = level.Error(a.log).Log("msg", "fail to retrive aws credentials", "err", err)
+ return err
+ }
+
+ a.creds = creds
+ }
+
+ return nil
+}
+
 func hashPayload(r io.ReadCloser) (string, io.ReadCloser, error) {
 var newReader io.ReadCloser
 payload := []byte("")
From a6c30d2edcc999a28f3202cfd402daaeffa1bd87 Mon Sep 17 00:00:00 2001
From: Patrick Rogers
Date: Thu, 6 Oct 2022 19:17:54 -0700
Subject: [PATCH 2/3] refresh error msg
Signed-off-by: Patrick Rogers
---
 pkg/roundtripper/roundtripper.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
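Review bot: `refreshCredentialsIfNeeded` (the function added in the last hunk of patch 1/3) reads and then assigns `a.creds` with no synchronisation, yet an `http.RoundTripper` must be safe for concurrent use, so two in-flight requests can race on the struct and one may sign with a mix of old and new key, secret and session token. Guard the field with a mutex, for example a `mu sync.Mutex` field and `a.mu.Lock(); defer a.mu.Unlock()` at the top of this function, and have the signing path in `RoundTrip` take its copy of the credentials under the same lock (the signing call lies outside the hunk). The retrieval also uses `context.Background()`, so a slow or hung credential endpoint cannot be cancelled by the caller; passing `req.Context()` in would bound it. If `cfg.Credentials` is already an `aws.CredentialsCache`, presumably the case when the config comes from `config.LoadDefaultConfig` (not visible here), calling `Retrieve` on every request would give thread-safe caching and an expiry window without the hand-rolled `Expired()` check.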
diff --git a/pkg/roundtripper/roundtripper.go b/pkg/roundtripper/roundtripper.go
index 64993bbe..95403c13 100644
--- a/pkg/roundtripper/roundtripper.go
+++ b/pkg/roundtripper/roundtripper.go
@@ -87,7 +87,7 @@ func (a *AWSSigningTransport) refreshCredentialsIfNeeded() error {
 creds, err := a.cfg.Credentials.Retrieve(context.Background())
 if err != nil {
- _ = level.Error(a.log).Log("msg", "fail to retrive aws credentials", "err", err)
+ _ = level.Error(a.log).Log("msg", "fail to refresh aws credentials", "err", err)
 return err
 }
From b470f0272c28cbaf4b35164b9bad4f97c64de69c Mon Sep 17 00:00:00 2001
From: Patrick Rogers
Date: Thu, 6 Oct 2022 19:22:11 -0700
Subject: [PATCH 3/3] log elsewhere
Signed-off-by: Patrick Rogers
---
 pkg/roundtripper/roundtripper.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/pkg/roundtripper/roundtripper.go b/pkg/roundtripper/roundtripper.go
index 95403c13..051c3569 100644
--- a/pkg/roundtripper/roundtripper.go
+++ b/pkg/roundtripper/roundtripper.go
@@ -65,7 +65,9 @@ func NewAWSSigningTransport(transport http.RoundTripper, region string, log log.
 }
 func (a *AWSSigningTransport) RoundTrip(req *http.Request) (*http.Response, error) {
- a.refreshCredentialsIfNeeded()
+ if err := a.refreshCredentialsIfNeeded(); err != nil {
+ _ = level.Error(a.log).Log("msg", "fail to refresh aws credentials", "err", err)
+ }
 signer := v4.NewSigner()
 payloadHash, newReader, err := hashPayload(req.Body)
@@ -87,7 +89,6 @@ func (a *AWSSigningTransport) refreshCredentialsIfNeeded() error {
 creds, err := a.cfg.Credentials.Retrieve(context.Background())
 if err != nil {
- _ = level.Error(a.log).Log("msg", "fail to refresh aws credentials", "err", err)
 return err
 }
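Review bot: When the refresh fails, the new `if` block in `RoundTrip` (first hunk of patch 3/3) only logs and then falls through to sign with `a.creds`, which this code has just determined to be expired, so the request goes out with a signature the service will reject and the caller sees an authorization failure from upstream instead of the real cause. Failing closed is clearer: inside the `if` block, close the body as the `http.RoundTripper` contract requires, `if req.Body != nil { _ = req.Body.Close() }`, and then `return nil, err`, keeping the log line if it is still wanted. `RoundTrip`'s body continues past the end of the hunk, so any later use of `a.creds` there should be checked against the same failure path.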