fix(auth): ec2/ecs credentials caching #2900

Author: JadenSimon

.changes/next-release/Bug Fix-bfe16ba3-99a9-4953-80fe-792a666829b8.json

@@ -0,0 +1,4 @@
+{
+	"type": "Bug Fix",
+	"description": "cached ECS/EC2 credentials not refreshed when expired"
+}

src/credentials/providers/ec2CredentialsProvider.ts

@@ -19,9 +19,9 @@ import globals from '../../shared/extensionGlobals'
  * @see CredentialsProviderType
  */
 export class Ec2CredentialsProvider implements CredentialsProvider {
-    private credentials: Credentials | undefined
     private region: string | undefined
     private available: boolean | undefined
+    private readonly createTime = Date.now()
 
     public constructor(private metadata: Ec2MetadataClient = new DefaultEc2MetadataClient()) {}
 
@@ -80,17 +80,14 @@ export class Ec2CredentialsProvider implements CredentialsProvider {
     }
 
     public getHashCode(): string {
-        return getStringHash(JSON.stringify(this.credentials))
+        return getStringHash(this.getProviderType() + `-${this.createTime}`)
     }
 
     public canAutoConnect(): boolean {
         return true
     }
 
     public async getCredentials(): Promise<Credentials> {
-        if (!this.credentials) {
-            this.credentials = await fromInstanceMetadata()()
-        }
-        return this.credentials
+        return fromInstanceMetadata()()
     }
 }

src/credentials/providers/ecsCredentialsProvider.ts

@@ -18,8 +18,8 @@ import globals from '../../shared/extensionGlobals'
  * @see CredentialsProviderType
  */
 export class EcsCredentialsProvider implements CredentialsProvider {
-    private credentials: Credentials | undefined
     private available: boolean | undefined
+    private readonly createTime = Date.now()
 
     public constructor(private provider: CredentialProvider = fromContainerMetadata()) {}
 
@@ -34,7 +34,7 @@ export class EcsCredentialsProvider implements CredentialsProvider {
         if (env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI || env.AWS_CONTAINER_CREDENTIALS_FULL_URI) {
             const start = globals.clock.Date.now()
             try {
-                this.credentials = await this.provider()
+                await this.provider()
                 getLogger().verbose(`credentials: retrieved ECS container credentials`)
 
                 this.available = true
@@ -73,17 +73,14 @@ export class EcsCredentialsProvider implements CredentialsProvider {
     }
 
     public getHashCode(): string {
-        return getStringHash(JSON.stringify(this.credentials))
+        return getStringHash(this.getProviderType() + `-${this.createTime}`)
     }
 
     public canAutoConnect(): boolean {
         return true
     }
 
     public async getCredentials(): Promise<Credentials> {
-        if (!this.credentials) {
-            this.credentials = await this.provider()
-        }
-        return this.credentials
+        return this.provider()
     }
 }