in internal/credsretriever/refreshing_cache.go [139:191]
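// GetIamCredentials returns IAM credentials for the service account token
// carried by request. It serves them from internalCache when the cached entry
// is still within its valid TTL; otherwise it asks the delegate via
// callDelegateAndCache.
//
// While another caller has an in-flight fetch registered for the same token
// (tracked in internalActiveRequestCache), this call polls up to
// defaultActiveRequestRetries times, waiting defaultActiveRequestWaitTime
// between polls, so that it can reuse the result instead of issuing a
// duplicate delegate call. The wait stops early and returns ctx.Err() if ctx
// is cancelled or its deadline passes.
//
// On a cache hit the returned ResponseMetadata is nil. An error is returned
// when request is nil, when the token is empty, when ctx ends during the
// wait, or when the delegate call fails.
//
// NOTE(review): the raw service account token (a bearer credential) is the key
// of both caches. It is never logged here, and must not be; if the cache
// implementation can surface keys (debug dumps, metrics, eviction logs),
// consider keying on a digest of the token instead. Confirm against the cache
// implementation and callDelegateAndCache, which are not visible here.
func (r *cachedCredentialRetriever) GetIamCredentials(ctx context.Context,
	request *credentials.EksCredentialsRequest) (*credentials.EksCredentialsResponse, credentials.ResponseMetadata, error) {
	log := logger.FromContext(ctx)
	if request == nil {
		return nil, nil, fmt.Errorf("request to fetch credentials is empty, this is most likely a bug")
	}
	if request.ServiceAccountToken == "" {
		return nil, nil, fmt.Errorf("service account is empty, cannot fetch credentials without a valid one")
	}

	token := request.ServiceAccountToken

	for i := 0; i <= defaultActiveRequestRetries; i++ {
		// Serve from the cache when the entry is still usable.
		if val, ok := r.internalCache.Get(token); ok {
			if _, withinTtl := r.credentialsInEntryWithinValidTtl(val); withinTtl {
				log.WithField("cache-hit", 1).Tracef("Using cached credentials")
				return val.credentials, nil, nil
			}
			// Stale entry: drop it so short-lived or expired credentials are
			// never handed out again, then fall through to a fresh fetch.
			log.Info("Identified that entry in cache contains credentials with small ttl or invalid ttl, will be deleted")
			r.internalCache.Delete(token)
			break
		}

		// No in-flight fetch for this token: go straight to the delegate.
		if _, ok := r.internalActiveRequestCache.Get(token); !ok {
			break
		}

		if i > 0 {
			log.Infof("Waiting for active request with %v tries", i)
		}
		// Give the in-flight fetch time to populate internalCache, except
		// after the final poll. Unlike a bare time.Sleep, this wait honours
		// ctx, so a cancelled caller is released immediately instead of
		// holding a goroutine for the whole retry budget.
		if i < defaultActiveRequestRetries {
			timer := time.NewTimer(defaultActiveRequestWaitTime)
			select {
			case <-ctx.Done():
				timer.Stop()
				return nil, nil, ctx.Err()
			case <-timer.C:
			}
		}
	}

	if _, ok := r.internalActiveRequestCache.Get(token); ok {
		log.Warnf("Failed to complete active request in %v tries", defaultActiveRequestRetries)
	}

	// NOTE(review): the Get above and the Add below are separate calls, so two
	// callers can both observe "no active request" and both reach the
	// delegate. Likewise, when the retries were exhausted, the deferred Delete
	// removes the marker that the still-running fetch relies on. Both weaken
	// de-duplication only; confirm whether the cache offers an atomic
	// add-if-absent before tightening this.
	r.internalActiveRequestCache.Add(token, nil)
	defer r.internalActiveRequestCache.Delete(token)

	log.WithField("cache-hit", 0).Tracef("Could not find entry in cache, requesting creds from delegate")
	iamCredentials, metadata, err := r.callDelegateAndCache(ctx, request)
	if err != nil {
		return nil, nil, err
	}
	return iamCredentials.credentials, metadata, nil
}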