EC2 IMDS Clear Token on 401

aws · Oct 2, 2020 · 91aa20e · 91aa20e
1 parent a538034
commit 91aa20e
Showing 1 changed file with 9 additions and 1 deletion.
diff --git a/ec2imds/token_provider.go b/ec2imds/token_provider.go
@@ -112,8 +112,9 @@ func (t *tokenProvider) HandleDeserialize(
 		return out, metadata, fmt.Errorf("expect HTTP transport, got %T", out.RawResponse)
 	}
 
-	if resp.StatusCode == 401 { // unauthorized
+	if resp.StatusCode == http.StatusUnauthorized { // unauthorized
 		err = &retryableError{Err: err}
+		t.clearToken()
 		t.enable()
 	}
 
@@ -230,3 +231,10 @@ func (t *tokenProvider) disable() {
 func (t *tokenProvider) enable() {
 	atomic.StoreUint32(&t.disabled, 0)
 }
+
+// clearToken clears the current token present
+func (t *tokenProvider) clearToken() {
+	t.tokenMux.Lock()
+	defer t.tokenMux.Unlock()
+	t.token = nil
+}