From 0aa24b09f6c6eb77de92370c8724cfd346c0d40e Mon Sep 17 00:00:00 2001
From: Boku Kihara <boku_kihara@dwango.co.jp>
Date: Tue, 21 May 2024 15:24:33 +0900
Subject: [PATCH 1/2] Keep previous credentials when refresh fails

---
 src/aws_credentials.erl | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/src/aws_credentials.erl b/src/aws_credentials.erl
index 9064b62..4bba05e 100644
--- a/src/aws_credentials.erl
+++ b/src/aws_credentials.erl
@@ -131,12 +131,15 @@ terminate(_Reason, _State) ->
 handle_call(get_credentials, _From, State=#state{credentials=C}) ->
     {reply, C, State};
 handle_call({force_refresh, Options}, _From, State=#state{tref=T}) ->
-    {ok, C, NewT} = fetch_credentials(Options),
+    Result = fetch_credentials(Options),
     case is_reference(T) of
         true -> erlang:cancel_timer(T);
         false -> ok
     end,
-    {reply, C, State#state{credentials=C, tref=NewT}};
+    case Result of
+        {ok, undefined, NewT} -> {reply, undefined, State#state{tref=NewT}};
+        {ok, C, NewT} -> {reply, C, State#state{credentials=C, tref=NewT}}
+    end;
 handle_call(Args, _From, State) ->
     ?LOG_WARNING("Unknown call: ~p~n", [Args], #{domain => [aws_credentials]}),
     {noreply, State}.
@@ -149,8 +152,10 @@ handle_cast(Message, State) ->
 -spec handle_info(any(), state()) -> {'noreply', state()}.
 handle_info(refresh_credentials, State) ->
     ProviderOptions = application:get_env(aws_credentials, provider_options, #{}),
-    {ok, C, T} = fetch_credentials(ProviderOptions),
-    {noreply, State#state{credentials=C, tref=T}};
+    case fetch_credentials(ProviderOptions) of
+        {ok, undefined, T} -> {noreply, State#state{tref=T}};
+        {ok, C, T} -> {noreply, State#state{credentials=C, tref=T}}
+    end;
 handle_info(Message, State) ->
     ?LOG_WARNING("Unknown message: ~p~n", [Message], #{domain => [aws_credentials]}),
     {noreply, State}.
@@ -193,7 +198,8 @@ fetch_credentials(Options) ->
             {ok, undefined, setup_callback(?RETRY_DELAY)}
     end.
 
-undefined_or_fail(true) -> true;
+-spec undefined_or_fail(boolean()) -> undefined | no_return().
+undefined_or_fail(true) -> undefined;
 undefined_or_fail(false) -> error(no_credentials).
 
 -spec setup_update_callback('infinity' | binary() | integer()) -> reference().

From 5947c046dcda1bc1805be444cb7538135f389dd9 Mon Sep 17 00:00:00 2001
From: Boku Kihara <boku_kihara@dwango.co.jp>
Date: Tue, 21 May 2024 18:40:13 +0900
Subject: [PATCH 2/2] Reverted force_refresh to invalidate credentials

---
 src/aws_credentials.erl | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/src/aws_credentials.erl b/src/aws_credentials.erl
index 4bba05e..640894f 100644
--- a/src/aws_credentials.erl
+++ b/src/aws_credentials.erl
@@ -131,15 +131,12 @@ terminate(_Reason, _State) ->
 handle_call(get_credentials, _From, State=#state{credentials=C}) ->
     {reply, C, State};
 handle_call({force_refresh, Options}, _From, State=#state{tref=T}) ->
-    Result = fetch_credentials(Options),
+    {ok, C, NewT} = fetch_credentials(Options),
     case is_reference(T) of
         true -> erlang:cancel_timer(T);
         false -> ok
     end,
-    case Result of
-        {ok, undefined, NewT} -> {reply, undefined, State#state{tref=NewT}};
-        {ok, C, NewT} -> {reply, C, State#state{credentials=C, tref=NewT}}
-    end;
+    {reply, C, State#state{credentials=C, tref=NewT}};
 handle_call(Args, _From, State) ->
     ?LOG_WARNING("Unknown call: ~p~n", [Args], #{domain => [aws_credentials]}),
     {noreply, State}.