[arvados] created: 2.7.0-6265-g4ec8e3b32c

[git repository hosting]

        at  4ec8e3b32cd11141f9d639f651b721feff66c437 (commit)


commit 4ec8e3b32cd11141f9d639f651b721feff66c437
Author: Tom Clegg <tom at curii.com>
Date:   Mon Apr 1 09:20:02 2024 -0400

    21636: Test http status returned for unknown backend errors.
    
    Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at curii.com>

diff --git a/services/keepstore/router_test.go b/services/keepstore/router_test.go
index ee7be4768c..15a055d55e 100644
--- a/services/keepstore/router_test.go
+++ b/services/keepstore/router_test.go
@@ -373,6 +373,13 @@ func (s *routerSuite) TestVolumeErrorStatusCode(c *C) {
 	c.Check(resp.Code, Equals, http.StatusBadGateway)
 	c.Check(resp.Body.String(), Equals, "test error\n")
 
+	router.keepstore.mountsW[0].volume.(*stubVolume).blockRead = func(_ context.Context, hash string, w io.WriterAt) error {
+		return errors.New("no http status provided")
+	}
+	resp = call(router, "GET", "http://example/"+locSigned, arvadostest.ActiveTokenV2, nil, nil)
+	c.Check(resp.Code, Equals, http.StatusInternalServerError)
+	c.Check(resp.Body.String(), Equals, "no http status provided\n")
+
 	c.Assert(router.keepstore.mountsW[1].volume.BlockWrite(context.Background(), barHash, []byte("bar")), IsNil)
 
 	// If the requested block is available on the second volume,

commit 4b7bd3d53c9a108e8074f11e7e78475b80f07c57
Author: Tom Clegg <tom at curii.com>
Date:   Fri Mar 29 16:58:23 2024 -0400

    21636: Set ExpiryWindow to avoid credential expiry races.
    
    Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at curii.com>

diff --git a/services/keepstore/s3_volume.go b/services/keepstore/s3_volume.go
index dc857c3264..affcc988dd 100644
--- a/services/keepstore/s3_volume.go
+++ b/services/keepstore/s3_volume.go
@@ -217,7 +217,17 @@ func (v *s3Volume) check(ec2metadataHostname string) error {
 	creds := aws.NewChainProvider(
 		[]aws.CredentialsProvider{
 			aws.NewStaticCredentialsProvider(v.AccessKeyID, v.SecretAccessKey, v.AuthToken),
-			ec2rolecreds.New(ec2metadata.New(cfg)),
+			ec2rolecreds.New(ec2metadata.New(cfg), func(opts *ec2rolecreds.ProviderOptions) {
+				// (from aws-sdk-go-v2 comments)
+				// "allow the credentials to trigger
+				// refreshing prior to the credentials
+				// actually expiring. This is
+				// beneficial so race conditions with
+				// expiring credentials do not cause
+				// request to fail unexpectedly due to
+				// ExpiredTokenException exceptions."
+				opts.ExpiryWindow = time.Minute
+			}),
 		})
 
 	cfg.Credentials = creds

-----------------------------------------------------------------------


hooks/post-receive
--