Fix credential expirability check

Fixes a bug introduced during the refactor in e92213c, which incorrectly inverted the previous credential expirability checking logic. This caused errors about being unable to cache otherwise cachable credentials. Also changes the error log around the previous expirability check site to no longer log the error that previously came from the `ExpiresAt()` check; since this is now the wrong `err`, it's always `nil`. Addresses kubernetes-sigs#776
kanwren · Dec 4, 2024 · 1502060 · 1502060
1 parent 7739f6c
commit 1502060
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/pkg/filecache/converter.go b/pkg/filecache/converter.go
@@ -27,7 +27,7 @@ func (p *v2) Retrieve(ctx context.Context) (aws.Credentials, error) {
 		// Don't have account ID
 	}
 
-	if expiration, err := p.creds.ExpiresAt(); err != nil {
+	if expiration, err := p.creds.ExpiresAt(); err == nil {
 		resp.CanExpire = true
 		resp.Expires = expiration
 	}

diff --git a/pkg/filecache/filecache.go b/pkg/filecache/filecache.go
@@ -251,7 +251,7 @@ func (f *FileCacheProvider) RetrieveWithContext(ctx context.Context) (credential
 			}
 		} else {
 			// credential doesn't support expiration time, so can't cache, but still return the credential
-			_, _ = fmt.Fprintf(os.Stderr, "Unable to cache credential: %v\n", err)
+			_, _ = fmt.Fprint(os.Stderr, "Unable to cache credential: credential doesn't support expiration\n")
 			err = nil
 		}
 		return V2CredentialToV1Value(credential), err