changelog entry for issue #220 / PR #243 / PR #245

jantman · Jan 15, 2017 · 00e0cb3 · 00e0cb3
1 parent e1e6f12
commit 00e0cb3
Showing 1 changed file with 22 additions and 0 deletions.
diff --git a/CHANGES.rst b/CHANGES.rst
@@ -33,6 +33,28 @@ See `Getting Started - Trusted Advisor <http://awslimitchecker.readthedocs.io/en
 * `#241 <https://github.com/jantman/awslimitchecker/issues/241>`_ / `PR #242 <https://github.com/jantman/awslimitchecker/pull/242>`_ -
   Fix default ElastiCache/Nodes limit from 50 to 100, as that's `now <http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_elasticache>`_
   what the docs say.
+* `#220 <https://github.com/jantman/awslimitchecker/issues/220>`_ / `PR #243 <https://github.com/jantman/awslimitchecker/pull/243>`_ /
+  `PR #245 <https://github.com/jantman/awslimitchecker/pull/245>`_ - Fix for ExpiredTokenException Errors.
+  **awslimitchecker.connectable.credentials has been removed.**
+  In previous releases, awslimitchecker had been using a ``Connectable.credentials`` class attribute
+  to store AWS API credentials and share them between ``Connectable`` subclass instances. The side-effect
+  of this was that AWS credentials were set at the start of the Python process and never changed. For users
+  taking advantage of the Python API and either using short-lived STS credentials or using long-running
+  or threaded implementations, the same credentials persisted for the life of the process, and would often
+  result in ExpiredTokenExceptions. The fix was to move
+  `_boto_conn_kwargs <http://awslimitchecker.readthedocs.io/en/latest/awslimitchecker.checker.html#awslimitchecker.checker.AwsLimitChecker._boto_conn_kwargs>`_
+  and `_get_sts_token <http://awslimitchecker.readthedocs.io/en/latest/awslimitchecker.checker.html#awslimitchecker.checker.AwsLimitChecker._get_sts_token>`_
+  from `connectable <http://awslimitchecker.readthedocs.io/en/develop/awslimitchecker.connectable.html>`_ to the top-level
+  `AwsLimitChecker <http://awslimitchecker.readthedocs.io/en/latest/awslimitchecker.checker.html#awslimitchecker.checker.AwsLimitChecker>`_
+  class itself, get the value of the ``_boto_conn_kwargs`` property in the constructor, and pass that value in to all
+  ``Connectable`` subclasses. This means that each instance of AwsLimitChecker has its own unique connection-related kwargs
+  and credentials, and constructing a new instance will work intuitively - either use the newly-specified credentials,
+  or regenerate STS credentials if configured to use them. I have to extend my deepest gratitude to the folks who
+  identified and fixed this issue, specifically `cstewart87 <https://github.com/cstewart87>`_ for the initial
+  bug report and description, `aebie <https://github.com/aebie>`_ for the tireless and relentlessly thorough
+  investigation and brainstorming and for coordinating work for a fix, and `willusher <https://github.com/willusher>`_
+  for the final implementation and dealing (wonderfully) with the dizzying complexity of many of the unit tests
+  (and even matching the existing style).
 
 0.6.0 (2016-11-12)
 ------------------