ensure credentials are regenerated on every connection

2025-04-16 04:38:34 +00:00 · 2025-04-16 04:38:34 +00:00 · 3ac52f3853
parent 561fd232b5
commit 3ac52f3853
1 changed files with 14 additions and 21 deletions
--- a/pkg/sessions/redis/aws-iam/auth.go
+++ b/pkg/sessions/redis/aws-iam/auth.go
@ -32,7 +32,7 @@ type AuthTokenGenerator struct {
 	region      string
 	req         *http.Request
-	credentials aws.Credentials
+	credentialsProvider aws.CredentialsProvider
 	signer              *v4.Signer
 }
@ -44,17 +44,6 @@ func New(serviceName, clusterName, userName string) (*AuthTokenGenerator, error)
 	if err != nil {
 		return nil, err
 	}
 	credentials, err := cfg.Credentials.Retrieve(ctx)
 	if err != nil {
 		return nil, err
 	}
 	if credentials.AccessKeyID == "" || credentials.SecretAccessKey == "" {
 		return nil, fmt.Errorf("AccessKeyID or SecretAccessKey is empty")
 	}
 	queryParams := url.Values{
 		"Action":        {connectAction},
 		"User":          {userName},
@ -78,16 +67,20 @@ func New(serviceName, clusterName, userName string) (*AuthTokenGenerator, error)
 		serviceName:         serviceName,
 		region:              cfg.Region,
 		req:                 req,
-		credentials: credentials,
+		credentialsProvider: cfg.Credentials,
 		signer:              v4.NewSigner(),
 	}, nil
 }
 func (atg AuthTokenGenerator) Generate() (string, error) {
-
+	ctx := context.Background()
 	credentials, err := atg.credentialsProvider.Retrieve(ctx)
 	if err != nil {
 		return "", fmt.Errorf("AWS IAM credentials retrieval failed - %v", err)
 	}
 	signedURL, _, err := atg.signer.PresignHTTP(
-		context.Background(),
+		ctx,
-		atg.credentials,
+		credentials,
 		atg.req,
 		hexEncodedSHA256EmptyString,
 		atg.serviceName,