Description
Describe the bug
We've got an S3 integration uploading files to a bucket every 5 seconds, we use AWS IAM for authentication via the DefaultCredentialsProvider.
One of the authentication options is then using Credential profiles, which by default uses the fixedProfileFile ProfileFileSupplier, and this is fine.
However, if we use the ProfileFileSupplier.defaultSupplier() which I understand uses reloadWhenModified, we get a WARN log similar to WARN s.a.a.utils.cache.CachedSupplier -- (ProfileFileSupplier()) Retrieved value expiration is in the past (2025-01-27T18:16:25.592341Z). Using expiration of 2025-01-27T18:16:26.592584Z on every S3 PUT call.
My understanding is that the credentials file will only be reloaded if it has been modified, so the stale/expiration logic in this scenario is confusing, and I can't grasp the meaning/utility of this log, specially at warn level.
Other than that, both suppliers seem to work as expected, including reload, despite the open issue .
I used our S3 integration to test the different suppliers, but this is a bigger issue with our Kafka to MSK integration, which uses the reloadWhenModified by default and every kafka client is triggering this log often, see issue over at aws-msk-iam-auth
Regression Issue
- Select this option if this issue appears to be a regression.
Expected Behavior
Ideally we'd never see the log WARN s.a.a.utils.cache.CachedSupplier -- (ProfileFileSupplier()) Retrieved value expiration is in the past (2025-01-27T18:16:25.592341Z). Using expiration of 2025-01-27T18:16:26.592584Z
Current Behavior
Our logs are filled with the mentioned warn log, although the authentication flow appears to be working as expected and we have not identified an action to solve this warning.
Reproduction Steps
- Connect to a AWS service (e.g. S3) using AWS IAM ProfileCredentialsProvider with the profileFile
ProfileFileSupplier.defaultSupplier() - Fetch credentials / call S3, you should see the warn log, wait a couple seconds, repeat call, another warn log
Skipping how to setup the S3Client, sharing the test we did by swapping from fixed profile to reloadable:
AwsCredentialsProviderChain.builder() //
.credentialsProviders( //
ProfileCredentialsProvider.builder()
.profileName(profileName)
.profileFile(ProfileFileSupplier.defaultSupplier())
.build()) //
.build();
Possible Solution
No response
Additional Information/Context
No response
AWS Java SDK version used
aws-sdkv2:2.30.6 on the S3 integration, aws-msk-iam-auth:2.2.0 on the Kafka to MSK integration
JDK version used
openjdk 11.0.22 2024-01-16 LTS OpenJDK Runtime Environment Zulu11.70+15-CA (build 11.0.22+7-LTS) OpenJDK 64-Bit Server VM Zulu11.70+15-CA (build 11.0.22+7-LTS, mixed mode)
Operating System and version
MacOS 14.5 and reproduced on EC2 with amazon linux 2