Add static stability support to IMDS credentials provider

CHANGELOG.next.toml

@@ -62,3 +62,11 @@ message = "The [`@uniqueItems`](https://smithy.io/2.0/spec/constraint-traits.htm
 references = ["smithy-rs#2232", "smithy-rs#1670"]
 meta = { "breaking" = false, "tada" = true, "bug" = false, "target" = "server"}
 author = "david-perez"
+
+[[aws-sdk-rust]]
+message = """
+Add static stability support to IMDS credentials provider. It does not alter common use cases for the provider, but allows the provider to serve expired credentials in case IMDS is unreachable. This allows requests to be dispatched to a target service with expired credentials. This, in turn, allows the target service to make the ultimate decision as to whether requests sent are valid or not.
+"""
+references = ["smithy-rs#2258"]
+meta = { "breaking" = false, "tada" = true, "bug" = false }
+author = "ysaito1001"

aws/rust-runtime/aws-config/Cargo.toml

@@ -38,6 +38,9 @@ ring = "0.16"
 hex = "0.4.3"
 zeroize = "1"
 
+# implementation detail of IMDS credentials provider
+fastrand = "1"
+
 bytes = "1.1.0"
 http = "0.2.4"
 tower = { version = "0.4.8" }

aws/rust-runtime/aws-config/src/default_provider/credentials.rs

@@ -236,14 +236,22 @@ mod test {
             make_test!($name, execute_from_live_traffic);
         };
         ($name: ident, $func: ident) => {
+            make_test!($name, $func, std::convert::identity);
+        };
+        ($name: ident, $provider_config_builder: expr) => {
+            make_test!($name, execute, $provider_config_builder);
+        };
+        ($name: ident, $func: ident, $provider_config_builder: expr) => {
             #[traced_test]
             #[tokio::test]
             async fn $name() {
                 crate::test_case::TestEnvironment::from_dir(concat!(
                     "./test-data/default-provider-chain/",
                     stringify!($name)
                 ))
+                .await
                 .unwrap()
+                .with_provider_config($provider_config_builder)
                 .$func(|conf| async {
                     crate::default_provider::credentials::Builder::default()
                         .configure(conf)
@@ -269,12 +277,23 @@ mod test {
 
     make_test!(imds_no_iam_role);
     make_test!(imds_default_chain_error);
-    make_test!(imds_default_chain_success);
+    make_test!(imds_default_chain_success, |config| {
+        config.with_time_source(aws_credential_types::time_source::TimeSource::testing(
+            &aws_credential_types::time_source::TestingTimeSource::new(std::time::UNIX_EPOCH),
+        ))
+    });
     make_test!(imds_assume_role);
-    make_test!(imds_config_with_no_creds);
+    make_test!(imds_config_with_no_creds, |config| {
+        config.with_time_source(aws_credential_types::time_source::TimeSource::testing(
+            &aws_credential_types::time_source::TestingTimeSource::new(std::time::UNIX_EPOCH),
+        ))
+    });
     make_test!(imds_disabled);
-    make_test!(imds_default_chain_retries);
-
+    make_test!(imds_default_chain_retries, |config| {
+        config.with_time_source(aws_credential_types::time_source::TimeSource::testing(
+            &aws_credential_types::time_source::TestingTimeSource::new(std::time::UNIX_EPOCH),
+        ))
+    });
     make_test!(ecs_assume_role);
     make_test!(ecs_credentials);
     make_test!(ecs_credentials_invalid_profile);
@@ -284,11 +303,12 @@ mod test {
 
     #[tokio::test]
     async fn profile_name_override() {
-        let (_, conf) =
+        let conf =
             TestEnvironment::from_dir("./test-data/default-provider-chain/profile_static_keys")
+                .await
                 .unwrap()
                 .provider_config()
-                .await;
+                .clone();
         let provider = DefaultCredentialsChain::builder()
             .profile_name("secondary")
             .configure(conf)