chore: fortify logic a bit

sobolk · Aug 2, 2023 · a440bbc · a440bbc
1 parent d7f3eb9
commit a440bbc
Showing 1 changed file with 14 additions and 9 deletions.
diff --git a/packages/amplify-e2e-core/src/utils/credentials-rotator.ts b/packages/amplify-e2e-core/src/utils/credentials-rotator.ts
@@ -5,13 +5,12 @@ import * as ini from 'ini';
 import * as fs from 'fs-extra';
 import { pathManager } from '@aws-amplify/amplify-cli-core';
 
-const refreshCredentials = async () => {
+const refreshCredentials = async (roleArn: string) => {
   try {
     const client = new STSClient({
       // Use CodeBuild role to assume test account role. I.e. don't read credentials from process.env
       credentials: fromContainerMetadata(),
     });
-    const roleArn = process.env.TEST_ACCOUNT_ROLE;
     const sessionName = `testSession${generateRandomShortId()}`;
     const command = new AssumeRoleCommand({
       RoleArn: roleArn,
@@ -37,16 +36,22 @@ const refreshCredentials = async () => {
   }
 };
 
+let isRotationScheduled = false;
+
 export const tryScheduleCredentialRefresh = () => {
-  // Early return outside of CI
-  if (!process.env.IS_AMPLIFY_CI) {
-    return false;
+  if (!process.env.USE_PARENT_ACCOUNT) {
+    throw new Error('Credentials rotator supports only tests running in parent account at this time');
+  }
+
+  if (!process.env.IS_AMPLIFY_CI || !process.env.TEST_ACCOUNT_ROLE || isRotationScheduled) {
+    return;
   }
 
-  console.log('Test profile credentials refresh was scheduled');
   setInterval(() => {
-    void refreshCredentials();
-  }, 10 * 60 * 1000);
+    void refreshCredentials(process.env.TEST_ACCOUNT_ROLE);
+  }, 15 * 60 * 1000);
+
+  isRotationScheduled = true;
 
-  return true;
+  console.log('Test profile credentials refresh was scheduled');
 };