class Aws::InstanceProfileCredentials

def backoff(backoff)
  case backoff
  when Proc then backoff
  when Numeric then lambda { |_| sleep(backoff) }
  else lambda { |num_failures| Kernel.sleep(1.2 ** num_failures) }
  end
end

def get_credentials
  failed_attempts = 0
  begin
    open_connection do |conn|
      path = '/latest/meta-data/iam/security-credentials/'
      profile_name = http_get(conn, path).lines.first.strip
      http_get(conn, path + profile_name)
    end
  rescue *FAILURES => e
    if failed_attempts < @retries
      @backoff.call(failed_attempts)
      failed_attempts += 1
      retry
    else
      '{}'
    end
  end
end

def http_get(connection, path)
  response = connection.request(Net::HTTP::Get.new(path))
  if response.code.to_i == 200
    response.body
  else
    raise Non200Response
  end
end

def initialize options = {}
  @retries = options[:retries] || 5
  @ip_address = options[:ip_address] || '169.254.169.254'
  @port = options[:port] || 80
  @http_open_timeout = options[:http_open_timeout] || 5
  @http_read_timeout = options[:http_read_timeout] || 5
  @http_debug_output = options[:http_debug_output]
  @backoff = backoff(options[:backoff])
  super
end

def open_connection
  http = Net::HTTP.new(@ip_address, @port, nil)
  http.open_timeout = @http_open_timeout
  http.read_timeout = @http_read_timeout
  http.set_debug_output(@http_debug_output) if @http_debug_output
  http.start
  yield(http).tap { http.finish }
end

def refresh
  credentials = MultiJson.load(get_credentials)
  @access_key_id = credentials['AccessKeyId']
  @secret_access_key = credentials['SecretAccessKey']
  @session_token = credentials['Token']
  if expires = credentials['Expiration']
    @expiration = Time.parse(expires)
  else
    @expiration = nil
  end
end