Adds a retry step to the credential process when granted fails to AssumeTerminal. The retry will run only if an active grant exists in a linked Common Fate deployment, otherwise, the original error is returned.
Why?
Users reported that the credential process would return an error sometimes when used immediately after activating an access request in Common Fate.
How did you test it?
Request access in CF, the use the credential process.
I also ran tests of the code path by simulating and error in AWS, this shows the grant was correctly matched and the Assume call was retried.
What changed?
Adds a retry step to the credential process when granted fails to AssumeTerminal. The retry will run only if an active grant exists in a linked Common Fate deployment, otherwise, the original error is returned.
Why?
Users reported that the credential process would return an error sometimes when used immediately after activating an access request in Common Fate.
How did you test it?
Request access in CF, the use the credential process. I also ran tests of the code path by simulating and error in AWS, this shows the grant was correctly matched and the Assume call was retried.
Potential risks
Is patch release candidate?
yes
Link to relevant docs PRs