Correct order of operations

Author: YakDriver

v2/awsv1shim/session.go

@@ -129,9 +129,17 @@ func GetSession(ctx context.Context, awsC *awsv2.Config, c *awsbase.Config) (*se
 	sess.Handlers.Retry.PushBack(func(r *request.Request) {
 		logger := logging.RetrieveLogger(r.Context())
 
+		if r.IsErrorExpired() {
+			logger.Warn(ctx, "Disabling retries after next request due to expired credentials", map[string]any{
+				"error": r.Error,
+			})
+			r.Retryable = aws.Bool(false)
+		}
+
 		if r.RetryCount < constants.MaxNetworkRetryCount {
 			return
 		}
+
 		// RequestError: send request failed
 		// caused by: Post https://FQDN/: dial tcp: lookup FQDN: no such host
 		if tfawserr.ErrMessageAndOrigErrContain(r.Error, request.ErrCodeRequestError, "send request failed", "no such host") {
@@ -148,13 +156,6 @@ func GetSession(ctx context.Context, awsC *awsv2.Config, c *awsbase.Config) (*se
 			})
 			r.Retryable = aws.Bool(false)
 		}
-
-		if r.IsErrorExpired() {
-			logger.Warn(ctx, "Disabling retries after next request due to expired credentials", map[string]any{
-				"error": r.Error,
-			})
-			r.Retryable = aws.Bool(false)
-		}
 	})
 
 	return sess, nil

v2/awsv1shim/session_test.go

@@ -878,15 +878,84 @@ region = us-east-1
 				Region:    "us-east-1",
 				SecretKey: servicemocks.MockStaticSecretKey,
 			},
-			Description: "expired token error",
+			Description: "ExpiredToken invalid body",
 			ExpectedError: func(err error) bool {
 				return strings.Contains(err.Error(), "ExpiredToken")
 			},
 			MockStsEndpoints: []*servicemocks.MockEndpoint{
 				servicemocks.MockStsGetCallerIdentityInvalidBodyExpiredToken,
 			},
 		},
-
+		{
+			Config: &awsbase.Config{
+				AccessKey: servicemocks.MockStaticAccessKey,
+				Region:    "us-east-1",
+				SecretKey: servicemocks.MockStaticSecretKey,
+			},
+			Description: "ExpiredToken valid body", // in case they change it
+			ExpectedError: func(err error) bool {
+				return strings.Contains(err.Error(), "ExpiredToken")
+			},
+			MockStsEndpoints: []*servicemocks.MockEndpoint{
+				servicemocks.MockStsGetCallerIdentityValidBodyExpiredToken,
+			},
+		},
+		{
+			Config: &awsbase.Config{
+				AccessKey: servicemocks.MockStaticAccessKey,
+				Region:    "us-east-1",
+				SecretKey: servicemocks.MockStaticSecretKey,
+			},
+			Description: "ExpiredTokenException invalid body",
+			ExpectedError: func(err error) bool {
+				return strings.Contains(err.Error(), "ExpiredTokenException")
+			},
+			MockStsEndpoints: []*servicemocks.MockEndpoint{
+				servicemocks.MockStsGetCallerIdentityInvalidBodyExpiredTokenException,
+			},
+		},
+		{
+			Config: &awsbase.Config{
+				AccessKey: servicemocks.MockStaticAccessKey,
+				Region:    "us-east-1",
+				SecretKey: servicemocks.MockStaticSecretKey,
+			},
+			Description: "ExpiredTokenException valid body", // in case they change it
+			ExpectedError: func(err error) bool {
+				return strings.Contains(err.Error(), "ExpiredTokenException")
+			},
+			MockStsEndpoints: []*servicemocks.MockEndpoint{
+				servicemocks.MockStsGetCallerIdentityValidBodyExpiredTokenException,
+			},
+		},
+		{
+			Config: &awsbase.Config{
+				AccessKey: servicemocks.MockStaticAccessKey,
+				Region:    "us-east-1",
+				SecretKey: servicemocks.MockStaticSecretKey,
+			},
+			Description: "RequestExpired invalid body",
+			ExpectedError: func(err error) bool {
+				return strings.Contains(err.Error(), "RequestExpired")
+			},
+			MockStsEndpoints: []*servicemocks.MockEndpoint{
+				servicemocks.MockStsGetCallerIdentityInvalidBodyRequestExpired,
+			},
+		},
+		{
+			Config: &awsbase.Config{
+				AccessKey: servicemocks.MockStaticAccessKey,
+				Region:    "us-east-1",
+				SecretKey: servicemocks.MockStaticSecretKey,
+			},
+			Description: "RequestExpired valid body", // in case they change it
+			ExpectedError: func(err error) bool {
+				return strings.Contains(err.Error(), "RequestExpired")
+			},
+			MockStsEndpoints: []*servicemocks.MockEndpoint{
+				servicemocks.MockStsGetCallerIdentityValidBodyRequestExpired,
+			},
+		},
 		// 		{
 		// 			Config: &awsbase.Config{
 		// 				AccessKey: servicemocks.MockStaticAccessKey,
@@ -1133,7 +1202,7 @@ aws_secret_access_key = DefaultSharedCredentialsSecretKey
 					t.Fatalf("unexpected GetAwsConfig() '%[1]T' error: %[1]s", err)
 				}
 
-				t.Logf("received expected error: %s", err)
+				t.Logf("received expected error (awsbase.GetAwsConfig): %s", err)
 				return
 			}
 			actualSession, err := GetSession(ctx, &awsConfig, testCase.Config)
@@ -1146,7 +1215,7 @@ aws_secret_access_key = DefaultSharedCredentialsSecretKey
 					t.Fatalf("unexpected GetSession() '%[1]T' error: %[1]s", err)
 				}
 
-				t.Logf("received expected error: %s", err)
+				t.Logf("received expected error (GetSession): %s", err)
 				return
 			}
 
@@ -2300,6 +2369,27 @@ func TestSessionRetryHandlers(t *testing.T) {
 			ExpectedRetryableValue:   true,  // defaults to true for non-AWS errors
 			ExpectRetryToBeAttempted: false, // Does not actually get retried, because over max retry limit
 		},
+		{
+			Description:              "ExpiredToken error no retries",
+			RetryCount:               maxRetries,
+			Error:                    awserr.New("ExpiredToken", "The security token included in the request is expired", nil),
+			ExpectedRetryableValue:   false,
+			ExpectRetryToBeAttempted: false,
+		},
+		{
+			Description:              "ExpiredTokenException error no retries",
+			RetryCount:               maxRetries,
+			Error:                    awserr.New("ExpiredTokenException", "The security token included in the request is expired", nil),
+			ExpectedRetryableValue:   false,
+			ExpectRetryToBeAttempted: false,
+		},
+		{
+			Description:              "RequestExpired error no retries",
+			RetryCount:               maxRetries,
+			Error:                    awserr.New("RequestExpired", "The security token included in the request is expired", nil),
+			ExpectedRetryableValue:   false,
+			ExpectRetryToBeAttempted: false,
+		},
 		{
 			Description:              "send request no such host failed under MaxNetworkRetryCount",
 			RetryCount:               constants.MaxNetworkRetryCount - 1,