From c42799fb0124f613e55eea8de04e120007342e2d Mon Sep 17 00:00:00 2001
From: Pavel Emelyanov <xemul@scylladb.com>
Date: Mon, 16 Mar 2026 10:53:21 +0300
Subject: [PATCH] s3: Don't rearm credential timers when credentials are not
 refreshed

The update_credentials_and_rearm() may get "empty" credentials from
_creds_provider_chain.get_aws_credentials() -- it doesn't throw, but
returns default-initialized value. In that case the expires_at will be
set to time_point::min, and it's probably not a good idea to arm the
refresh timer and, even worse idea, to subtract 1h from it.

Fixes #29056

Signed-off-by: Pavel Emelyanov <xemul@scylladb.com>

Closes scylladb/scylladb#29057

(cherry picked from commit 961fc9e0416b7ff77b9f5ce3c69dd48007795a72)

Closes scylladb/scylladb#29158
---
 utils/s3/client.cc | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/utils/s3/client.cc b/utils/s3/client.cc
index a6b5cb2f9a..8356540410 100644
--- a/utils/s3/client.cc
+++ b/utils/s3/client.cc
@@ -161,8 +161,10 @@ shared_ptr<client> client::make(std::string ep, std::string region, std::string
 
 future<> client::update_credentials_and_rearm() {
     _credentials = co_await _creds_provider_chain.get_aws_credentials();
-    _creds_invalidation_timer.rearm(_credentials.expires_at);
-    _creds_update_timer.rearm(_credentials.expires_at - 1h);
+    if (_credentials) {
+        _creds_invalidation_timer.rearm(_credentials.expires_at);
+        _creds_update_timer.rearm(_credentials.expires_at - 1h);
+    }
 }
 
 future<> client::authorize(http::request& req) {