fix: do not redact the expiration

evergreen-ci · Sep 25, 2024 · 21d2315 · 21d2315
1 parent 057007d
commit 21d2315
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 2 deletions.
diff --git a/agent/command/assume_ec2_role.go b/agent/command/assume_ec2_role.go
@@ -97,7 +97,7 @@ func (r *ec2AssumeRole) execute(ctx context.Context, comm client.Communicator, l
 	conf.NewExpansions.PutAndRedact(globals.AWSAccessKeyId, creds.AccessKeyID)
 	conf.NewExpansions.PutAndRedact(globals.AWSSecretAccessKey, creds.SecretAccessKey)
 	conf.NewExpansions.PutAndRedact(globals.AWSSessionToken, creds.SessionToken)
-	conf.NewExpansions.PutAndRedact(globals.AWSRoleExpiration, creds.Expiration)
+	conf.NewExpansions.Put(globals.AWSRoleExpiration, creds.Expiration)
 
 	return nil
 }

diff --git a/agent/command/assume_ec2_role_test.go b/agent/command/assume_ec2_role_test.go
@@ -104,7 +104,8 @@ func TestEC2AssumeRoleExecute(t *testing.T) {
 				assert.True(t, hasAccessKey)
 				assert.True(t, hasSecretAccessKey)
 				assert.True(t, hasSessionToken)
-				assert.True(t, hasExpiration)
+				// The expiration should not be redacted.
+				assert.False(t, hasExpiration)
 			})
 		},
 	} {