aws-sdk-go-v2
custom credentials providers and default caching behavior
Confirm by changing [ ] to [x] below:
- [x] I've gone through the API reference
- [x] I've checked AWS Forums and StackOverflow for answers
Describe the question
TLDR: Should a custom credentials provider automatically be wrapped in a CredentialsCache by the default credentials resolver?
More context:
The documentation for CredentialsProvider seems to imply that the provider CAN be wrapped in a cache. However, loading the config using config.LoadDefaultConfig always wraps it in a cache. I find this behavior somewhat unexpected since I want to control the behavior of the custom credentials provider if I'm passing one into the loader. It would be helpful to update documentation to call out that custom providers are always wrapped in a cache when using the default loader, OR the default resolver has a bug in that the cache shouldn't be applied by default.
We have a use-case where we want to load the credentials for each request and bypass the cache because we have temporary credentials but no expiration timestamp.
credentials providers always wrapped in cache: https://github.com/aws/aws-sdk-go-v2/blob/cf6f1423f76f034d4328737274c6a52077f9320c/config/resolve_credentials.go#L56-L58
The documentation says the following about CredentialsProvider
https://github.com/aws/aws-sdk-go-v2/blob/cf6f1423f76f034d4328737274c6a52077f9320c/aws/credentials.go#L107-L114
Hi @th11, so... correct me if I'm wrong, but it seems like you got to the point of getting this to work, and are just asking for maybe improved documentation on the subject, correct?
Assuming yes, then while I agree there is room for improvement, I don't know if this is all that obscure. It may be kind of easy to miss, I guess, but it's there; it's also mentioned in the developer guide. I don't know if adding it to the CredentialsProvider comments would help; I feel like we'd be getting into bloating the code if we go down that path. Anyways, let me know if I missed something.
Hi @KaibaLopez, I guess there is some confusion in my mind. The Dev guide you linked states that
If you explicitly configure a provider on aws.Config directly, you must explicitly wrap the provider with this type using NewCredentialsCache.
However, the comment for CredentialsProvider states
A credentials provider implementation can be wrapped with a CredentialCache to cache the credential value retrieved.
Is it a requirement to wrap the provider in a cache or not?
Hmm, so a credential cache wrapper is not required for the SDK, but LoadDefaultConfig will always do it, so yeah, you'd have to do extra customization to avoid it. We could take this as a feature request to expose an option to disable that behavior on the load default config; I think that should make things easier for you?
@KaibaLopez - sounds good, thanks for following up.
We have noticed this issue has not received attention in 1 year. We will close this issue for now. If you think this is in error, please feel free to comment and reopen the issue.
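Added example, not code from the issue or from the SDK: a simplified stand-alone model of the use case raised in this thread, a custom provider that returns temporary credentials without an expiration timestamp, placed behind a caching wrapper. The types `Credentials`, `Provider`, `rotating` and `cache` and the helper `lastKey` are hypothetical stand-ins; the assumption modelled is that a cached value with no expiry set is never considered expired.

```go
package main

import (
	"fmt"
	"time"
)

// Credentials is a simplified, hypothetical model of a credential value.
type Credentials struct {
	AccessKeyID string
	CanExpire   bool
	Expires     time.Time
}

// Expired is never true for a value that carries no expiration timestamp.
func (c Credentials) Expired() bool { return c.CanExpire && !c.Expires.After(time.Now()) }

// Provider is a hypothetical stand-in for a credentials provider interface.
type Provider interface{ Retrieve() Credentials }

// rotating is a constructed provider: a new temporary key per call, no expiry set.
type rotating struct{ calls int }

func (p *rotating) Retrieve() Credentials {
	p.calls++
	return Credentials{AccessKeyID: fmt.Sprintf("KEY-%d", p.calls)}
}

// cache is a simplified model of a caching wrapper placed around a provider.
type cache struct { inner Provider; creds *Credentials }

func (c *cache) Retrieve() Credentials {
	if c.creds == nil || c.creds.Expired() {
		v := c.inner.Retrieve() // only reached on first use or after expiry
		c.creds = &v
	}
	return *c.creds
}

// lastKey issues n retrievals, as n requests would, and returns the final key ID.
func lastKey(p Provider, n int) (id string) {
	for i := 0; i < n; i++ {
		id = p.Retrieve().AccessKeyID
	}
	return id
}

func main() {
	fmt.Println(lastKey(&cache{inner: &rotating{}}, 3), lastKey(&rotating{}, 3))
}
```

Behind the cache the first key is served for every request, so a key rotated or revoked at the source keeps being presented; calling the provider directly picks up each new key.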