Description
Describe the bug
We were trying to override the StsWebIdentityTokenFileCredentialsProvider with a custom configuration as below but it doesn't seem to work.
StsWebIdentityTokenFileCredentialsProvider.builder()
.asyncCredentialUpdateEnabled(true)
.stsClient(StsClient.create())
.prefetchTime(Duration.ofMinutes(35))
.staleTime(Duration.ofMinutes(30))
.build();
Inspecting the code, it seems that StsWebIdentityTokenFileCredentialsProvider is a wrapper over StsAssumeRoleWithWebIdentityCredentialsProvider but it doesn't pass the parameters when initializing it at line106-110. Shouldn't it pass all the parameters upstream?
Regression Issue
- Select this option if this issue appears to be a regression.
Expected Behavior
StsWebIdentityTokenFileCredentialsProvider should respect prefetchTime and staleTime
Current Behavior
StsWebIdentityTokenFileCredentialsProvider ignores the prefetchTime and staleTime parameters.
Reproduction Steps
- Create a custom provider using this configuration:
StsWebIdentityTokenFileCredentialsProvider.builder()
.asyncCredentialUpdateEnabled(true)
.stsClient(StsClient.create())
.prefetchTime(Duration.ofMinutes(35))
.staleTime(Duration.ofMinutes(30))
.build();
- Verify if the session is refreshed as expected either via debug logs or Cloudtrail logs.
Possible Solution
No response
Additional Information/Context
From what I understand, the workaround is to use StsAssumeRoleWithWebIdentityCredentialsProvider directly by passing the necessary EKS pod env variables to it.
AWS Java SDK version used
v2 2.31.63
JDK version used
24
Operating System and version
amazoncorretto:24-alpine