Commit 1d27a7f9 by Mitsuhiro Tanda Committed by Torkel Ödegaard

(cloudwatch) fix wrong cache key of credentials (#5124)

parent fb4dc77f
...@@ -57,11 +57,12 @@ var awsCredentialCache map[string]cache = make(map[string]cache) ...@@ -57,11 +57,12 @@ var awsCredentialCache map[string]cache = make(map[string]cache)
var credentialCacheLock sync.RWMutex var credentialCacheLock sync.RWMutex
func getCredentials(profile string, region string, assumeRoleArn string) *credentials.Credentials { func getCredentials(profile string, region string, assumeRoleArn string) *credentials.Credentials {
cacheKey := profile + ":" + assumeRoleArn
credentialCacheLock.RLock() credentialCacheLock.RLock()
if _, ok := awsCredentialCache[profile]; ok { if _, ok := awsCredentialCache[cacheKey]; ok {
if awsCredentialCache[profile].expiration != nil && if awsCredentialCache[cacheKey].expiration != nil &&
(*awsCredentialCache[profile].expiration).After(time.Now().UTC()) { (*awsCredentialCache[cacheKey].expiration).After(time.Now().UTC()) {
result := awsCredentialCache[profile].credential result := awsCredentialCache[cacheKey].credential
credentialCacheLock.RUnlock() credentialCacheLock.RUnlock()
return result return result
} }
...@@ -118,7 +119,7 @@ func getCredentials(profile string, region string, assumeRoleArn string) *creden ...@@ -118,7 +119,7 @@ func getCredentials(profile string, region string, assumeRoleArn string) *creden
&ec2rolecreds.EC2RoleProvider{Client: ec2metadata.New(sess), ExpiryWindow: 5 * time.Minute}, &ec2rolecreds.EC2RoleProvider{Client: ec2metadata.New(sess), ExpiryWindow: 5 * time.Minute},
}) })
credentialCacheLock.Lock() credentialCacheLock.Lock()
awsCredentialCache[profile] = cache{ awsCredentialCache[cacheKey] = cache{
credential: creds, credential: creds,
expiration: expiration, expiration: expiration,
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment