pplu · keithduncan · Apr 28, 2025 · Apr 28, 2025 · Apr 28, 2025 · Apr 28, 2025
diff --git a/benchmarks/util/dynamodb-decode.pl b/benchmarks/util/dynamodb-decode.pl
@@ -45,11 +45,15 @@ BEGIN
 package Test::CustomCredentials {
   use Moose;
   use Paws::Credential;
+  use Paws::Credential::Explicit;
   with 'Paws::Credential';
 
-  sub access_key { 'CustomAK' };
-  sub secret_key { 'CustomSK' };
-  sub session_token {};
+  sub refresh {
+    return Paws::Credential::Explicit->new(
+      access_key => 'CustomAK',
+      secret_key => 'CustomSK',
+    );
+  }
 
   __PACKAGE__->meta->make_immutable;
 };

diff --git a/examples/athena.pl b/examples/athena.pl
@@ -75,7 +75,7 @@
   $status->QueryExecution->ResultConfiguration->OutputLocation . "\n"
   if $opt->verbose;
 
-my $a = Paws::Credential::ProviderChain->new->selected_provider;
+my $a = Paws::Credential::ProviderChain->new->refresh;
 
 # Paws::S3 is marked as unstable; the following wouldn't work with IAM roles.
 my $s3 = Net::Amazon::S3->new(

diff --git a/examples/sts-saml.pl b/examples/sts-saml.pl
@@ -92,13 +92,15 @@
     $config = Config::INI::Reader->read_file($aws_creds_file);
 }
 
+my $a = $creds->refresh;
+
 my $profile = lc $short_role;
 try {
     $config->{$profile} = {
         region                => $region,
-        aws_access_key_id     => $creds->access_key,
-        aws_secret_access_key => $creds->secret_key,
-        aws_session_token     => $creds->session_token,
+        aws_access_key_id     => $a->access_key,
+        aws_secret_access_key => $a->secret_key,
+        aws_session_token     => $a->session_token,
     };
 } catch(Paws::Exception $e) {
     die sprintf "FATAL: %s - %s\n", $e->code, $e->message;

diff --git a/lib/Paws/API/Caller.pm b/lib/Paws/API/Caller.pm
@@ -10,7 +10,6 @@ package Paws::API::Caller;
     is => 'ro',
     does => 'Paws::Credential',
     required => 1,
-    handles => [ 'access_key', 'secret_key', 'session_token' ],
   );
 
   # converts the params the user passed to the call into objects that represent the call

diff --git a/lib/Paws/Credential.pm b/lib/Paws/Credential.pm
@@ -1,13 +1,11 @@
 package Paws::Credential;
   use Moose::Role;
 
-  requires 'access_key';
-  requires 'secret_key';
-  requires 'session_token';
+  requires 'refresh';
 
   sub are_set {
     my $self = shift;
-    return (defined $self->access_key && defined $self->secret_key);
+    return (defined $self->refresh);
   }
 
   no Moose;

diff --git a/lib/Paws/Credential/AssumeRole.pm b/lib/Paws/Credential/AssumeRole.pm
@@ -1,35 +1,18 @@
 package Paws::Credential::AssumeRole;
   use Moose;
   use DateTime::Format::ISO8601;
+  use Paws::Credential::Explicit;
   with 'Paws::Credential';
 
+  has credentials => (is => 'rw', isa => 'Paws::Credential::Explicit|Undef');
+
   has expiration => (
     is => 'rw',
     isa => 'Int',
     lazy => 1,
     default => sub { 0 }
   );
 
-  has actual_creds => (is => 'rw');
-
-  sub access_key {
-    my $self = shift;
-    $self->_refresh;
-    $self->actual_creds->AccessKeyId;
-  }
-
-  sub secret_key {
-    my $self = shift;
-    $self->_refresh;
-    $self->actual_creds->SecretAccessKey;
-  }
-
-  sub session_token {
-    my $self = shift;
-    $self->_refresh;
-    $self->actual_creds->SessionToken;
-  }
-
   has sts_region => (is => 'ro', isa => 'Str|Undef', default => sub { undef });
 
   has sts => (is => 'ro', isa => 'Paws::STS', lazy => 1, default => sub {
@@ -44,10 +27,12 @@ package Paws::Credential::AssumeRole;
   has RoleArn => (is => 'rw', isa => 'Str', required => 1);
   has RoleSessionName => (is => 'rw', isa => 'Str', required => 1);
 
-  sub _refresh {
+  sub refresh {
     my $self = shift;
 
-    return if $self->expiration >= time;
+    if ( $self->credentials && $self->expiration >= time ) {
+      return $self->credentials;
+    }
 
     my $result = $self->sts->AssumeRole(
       RoleSessionName => $self->RoleSessionName,
@@ -57,8 +42,14 @@ package Paws::Credential::AssumeRole;
       (defined $self->Policy) ? (Policy => $self->Policy) : (),
     );
 
-    my $creds = $self->actual_creds($result->Credentials);
+    $self->credentials(Paws::Credential::Explicit->new(
+      access_key => $result->Credentials->AccessKeyId,
+      secret_key => $result->Credentials->SecretAccessKey,
+      session_token => $result->Credentials->SessionToken,
+    ));
     $self->expiration(DateTime::Format::ISO8601->parse_datetime($result->Credentials->Expiration)->epoch);
+
+    return $self->credentials;
   }
 
   no Moose;

diff --git a/lib/Paws/Credential/AssumeRoleWithSAML.pm b/lib/Paws/Credential/AssumeRoleWithSAML.pm
@@ -2,36 +2,18 @@ package Paws::Credential::AssumeRoleWithSAML;
   use Moose;
   use DateTime::Format::ISO8601;
   use Paws::Credential::None;
-
+  use Paws::Credential::Explicit;
   with 'Paws::Credential';
 
+  has credentials => (is => 'rw', isa => 'Paws::Credential::Explicit|Undef');
+
   has expiration => (
     is => 'rw',
     isa => 'Int',
     lazy => 1,
     default => sub { 0 }
   );
 
-  has actual_creds => (is => 'rw');
-
-  sub access_key {
-    my $self = shift;
-    $self->_refresh;
-    $self->actual_creds->AccessKeyId;
-  }
-
-  sub secret_key {
-    my $self = shift;
-    $self->_refresh;
-    $self->actual_creds->SecretAccessKey;
-  }
-
-  sub session_token {
-    my $self = shift;
-    $self->_refresh;
-    $self->actual_creds->SessionToken;
-  }
-
   has sts_region => (is => 'ro', isa => 'Str|Undef', default => sub { undef });
 
   has sts => (is => 'ro', isa => 'Paws::STS', lazy => 1, default => sub {
@@ -46,10 +28,12 @@ package Paws::Credential::AssumeRoleWithSAML;
   has PrincipalArn => (is => 'rw', isa => 'Str', required => 1);
   has SAMLAssertion => (is => 'rw', isa => 'Str', required => 1);
 
-  sub _refresh {
+  sub refresh {
     my $self = shift;
 
-    return if $self->expiration >= time;
+    if ( $self->credentials && $self->expiration >= time ) {
+      return $self->credentials;
+    }
 
     my $result = $self->sts->AssumeRoleWithSAML(
       RoleArn => $self->RoleArn,
@@ -59,11 +43,13 @@ package Paws::Credential::AssumeRoleWithSAML;
       (defined $self->Policy) ? (Policy => $self->Policy) : (),
     );
 
-    my $creds = $self->actual_creds($result->Credentials);
-
+    $self->credentials(Paws::Credential::Explicit->new(
+      access_key => $result->Credentials->AccessKeyId,
+      secret_key => $result->Credentials->SecretAccessKey,
+      session_token => $result->Credentials->SessionToken,
+    ));
     $self->expiration(DateTime::Format::ISO8601->parse_datetime($result->Credentials->Expiration)->epoch);
   }
 
   no Moose;
-
 1;
diff --git a/lib/Paws/Credential/CredProcess.pm b/lib/Paws/Credential/CredProcess.pm
@@ -3,26 +3,34 @@ package Paws::Credential::CredProcess;
   use JSON::MaybeXS qw/decode_json/;
   use Paws::Exception;
   use DateTime::Format::ISO8601;
+  use Paws::Credential::Explicit;
+
+  with 'Paws::Credential';
 
   has credential_process => (is => 'ro', isa => 'Str', required => 1);
 
+  has credentials => (is => 'rw', isa => 'Paws::Credential::Explicit|Undef');
+
   has expiration => (
     is => 'rw',
     isa => 'Int|Undef',
     lazy => 1,
     default => sub { 0 }
   );
 
-  has actual_creds => (
-    is => 'ro',
-    isa => 'HashRef',
-    builder => '_build_actual_creds',
-    clearer => '_clear_actual_creds',
-    lazy => 1
-  );
-
-  sub _build_actual_creds {
+  sub refresh {
     my $self = shift;
+
+    if ( $self->credentials ) {
+      if (not defined $self->expiration) {
+        return $self->credentials;
+      }
+
+      if ($self->expiration >= time ) {
+        return $self->credentials;
+      }
+    }
+
     my $creds;
     my $rc;
     {
@@ -44,103 +52,14 @@ package Paws::Credential::CredProcess;
       $self->expiration(undef);
     }
 
-    return $creds;
-  }
-
-  sub access_key {
-    my $self = shift;
-    $self->_refresh;
-    $self->actual_creds->{ AccessKeyId };
-  }
-
-  sub secret_key {
-    my $self = shift;
-    $self->_refresh;
-    $self->actual_creds->{ SecretAccessKey }
-  }
-
-  sub session_token {
-    my $self = shift;
-    $self->_refresh;
-    $self->actual_creds->{ SessionToken };
-  }
-
-  sub _refresh {
-    my $self = shift;
+    $self->credentials(Paws::Credential::Explicit->new(
+      access_key => $creds->{ AccessKeyId },
+      secret_key => $creds->{ SecretAccessKey },
+      session_token => $creds->{ SessionToken },
+    ));
 
-    return if not defined $self->expiration;
-    return if $self->expiration >= time;
-    $self->_clear_actual_creds;
+    return $self->credentials;
   }
 
-  with 'Paws::Credential';
-
   no Moose;
 1;
-### main pod documentation begin ###
-
-=encoding UTF-8
-
-=head1 NAME
-
-Paws::Credential::File
-
-=head1 SYNOPSIS
-
-  use Paws::Credential::File;
-
-  my $paws = Paws->new(config => {
-    credentials => Paws::Credential::File->new(
-      profile => 'profile1',
-      credentials_file => '/etc/aws_system_credentials', 
-    )
-  });
-  # will open /etc/aws_system_credentials
-
-
-  my $paws = Paws->new(config => {
-    credentials => Paws::Credential::File->new(
-      profile => 'profile1',
-      file_name => 'my_creds', 
-    )
-  });
-  # will open $HOME/.aws/my_creds
-
-  my $paws = Paws->new(config => {
-    credentials => Paws::Credential::File->new(
-      profile => 'profile1',
-      dir => '/etc/', 
-    )
-  });
-  # will open /etc/credentials
-
-
-=head1 DESCRIPTION
-
-The File credential provider is to read credentials from AWS SDK config files
-
-=head2 profile: Str
-
-The section in the ini file where credentials will be looked up:
-
-Defaults to the environment variable C<AWS_DEFAULT_PROFILE>, and if that is not defined, to "default"
-
-=head2 credentials_file: Str
-
-The path of the ini file to open
-
-Defaults to the path + file_name (C<$HOME/.aws/credentials> by default) if the environment variable AWS_CONFIG_FILE doesn't exist
-
-=head2 path: Str
-
-Path to the ini file
-
-Defaults to C<$HOME/.aws>
-
-=head2 file_name: Str
-
-Name of the ini file
-
-Defaults to C<credentials>
-
-=cut