New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support AWS STS client credentials refresh #2376
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This pull request has been linked to Clubhouse Story #7966: Sts token / assume role refresh support. |
Shelnutt2
reviewed
Jun 21, 2021
KiterLuc
reviewed
Jun 21, 2021
tiledb/sm/filesystem/s3.h
Outdated
@@ -565,6 +565,10 @@ class S3 { | |||
*/ | |||
mutable tdb_shared_ptr<Aws::S3::S3Client> client_; | |||
|
|||
/** The AWS credetial provider. */ | |||
mutable std::shared_ptr<Aws::Auth::AWSCredentialsProvider> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
tdb_shared_ptr
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes, done that, thanks
Shelnutt2
approved these changes
Jun 21, 2021
KiterLuc
approved these changes
Jun 22, 2021
github-actions bot
pushed a commit
that referenced
this pull request
Jun 22, 2021
* refersh aws sts token * add default duration_seconds as 3600 * change order of initializtion in S3 constructor * unset the default value for load_frequency * make format * change std::shared_ptr to tdb_shared_ptr
Shelnutt2
pushed a commit
that referenced
this pull request
Jun 22, 2021
* refersh aws sts token * add default duration_seconds as 3600 * change order of initializtion in S3 constructor * unset the default value for load_frequency * make format * change std::shared_ptr to tdb_shared_ptr Co-authored-by: bin.deng <76831442+bdeng-xt@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request is to add support for refreshing token of assuming an AWS role(ticket 7966). The load_frequency parameter in STSAssumeRoleCredentialsProvider is misleading. This parameter is not only used for refresh frequency, but also for initialization of duration_seconds. To make S3Client to refresh credentials when query is not complete, we only need to call GetAWSCredentials method which will check if it is going to be expired in one minute and refresh the credentials if needed. Another way to solve this problem is to set a higher time limit. Although the default time limit for an assume role is one hour. The maximum time limit can be set to 12 hours.
TYPE: IMPROVEMENT
DESC: Support credentials refresh for AWS