[arvados] updated: 2.7.1-43-g28ced00f6b

git repository hosting git at public.arvados.org
Tue Apr 2 14:51:12 UTC 2024 

Summary of changes:
 services/keepstore/handler_test.go | 33 +++++++++++++++++++--------------
 services/keepstore/handlers.go     | 19 +++++++++----------
 services/keepstore/s3aws_volume.go | 18 +++++++++++++++++-
 3 files changed, 45 insertions(+), 25 deletions(-)

       via  28ced00f6b373b06abafd6d067de46fe15c16573 (commit)
       via  0fbccba2792a90480d426b043c066bed01109bba (commit)
       via  26fcb9e9e22526a11badb61b6d782876914008e8 (commit)
       via  9777dd40e5c95d49ceb5e066d0d55c2afc8ce034 (commit)
      from  6672bb30c62b840a18e1f83812ec65a098c19109 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit 28ced00f6b373b06abafd6d067de46fe15c16573
Merge: 6672bb30c6 0fbccba279
Author: Tom Clegg <tom at curii.com>
Date:   Tue Apr 2 10:45:35 2024 -0400

    Merge branch '21636-s3-token-expiry-2.7' into 2.7-staging
    
    refs #21636
    
    Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at curii.com>


commit 0fbccba2792a90480d426b043c066bed01109bba
Author: Tom Clegg <tom at curii.com>
Date:   Tue Apr 2 10:43:59 2024 -0400

    21636: Increase ExpiryWindow and add doc reference.
    
    Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at curii.com>

diff --git a/services/keepstore/s3aws_volume.go b/services/keepstore/s3aws_volume.go
index b0520b258a..2c6a802408 100644
--- a/services/keepstore/s3aws_volume.go
+++ b/services/keepstore/s3aws_volume.go
@@ -223,7 +223,13 @@ func (v *S3AWSVolume) check(ec2metadataHostname string) error {
 				// expiring credentials do not cause
 				// request to fail unexpectedly due to
 				// ExpiredTokenException exceptions."
-				opts.ExpiryWindow = time.Minute
+				//
+				// (from
+				// https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html)
+				// "We make new credentials available
+				// at least five minutes before the
+				// expiration of the old credentials."
+				opts.ExpiryWindow = 5 * time.Minute
 			}),
 		})
 

-----------------------------------------------------------------------


hooks/post-receive
--

More information about the arvados-commits mailing list