Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support AWS STS client credentials refresh #2376

Merged
merged 7 commits into from Jun 22, 2021
Merged

Support AWS STS client credentials refresh #2376

merged 7 commits into from Jun 22, 2021

Conversation

bdeng-xt
Copy link
Contributor

This pull request is to add support for refreshing token of assuming an AWS role(ticket 7966). The load_frequency parameter in STSAssumeRoleCredentialsProvider is misleading. This parameter is not only used for refresh frequency, but also for initialization of duration_seconds. To make S3Client to refresh credentials when query is not complete, we only need to call GetAWSCredentials method which will check if it is going to be expired in one minute and refresh the credentials if needed. Another way to solve this problem is to set a higher time limit. Although the default time limit for an assume role is one hour. The maximum time limit can be set to 12 hours.

TYPE: IMPROVEMENT
DESC: Support credentials refresh for AWS

@shortcut-integration
Copy link

This pull request has been linked to Clubhouse Story #7966: Sts token / assume role refresh support.

KiterLuc
KiterLuc reviewed Jun 21, 2021
View reviewed changes
tiledb/sm/filesystem/s3.h Outdated
@@ -565,6 +565,10 @@ class S3 {
*/
mutable tdb_shared_ptr<Aws::S3::S3Client> client_;

/** The AWS credetial provider. */
mutable std::shared_ptr<Aws::Auth::AWSCredentialsProvider>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

tdb_shared_ptr

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, done that, thanks

@Shelnutt2 Shelnutt2 requested a review from KiterLuc June 21, 2021 19:46
@Shelnutt2 Shelnutt2 merged commit 0820330 into dev Jun 22, 2021
@Shelnutt2 Shelnutt2 deleted the bd/ch7966-sts-token-refresh-support branch June 22, 2021 10:30
github-actions bot pushed a commit that referenced this pull request Jun 22, 2021
@bdeng-xt @github-actions
Support AWS STS client credentials refresh (#2376)
08bd4d2 
* refersh aws sts token

* add default duration_seconds as 3600

* change order of initializtion in S3 constructor

* unset the default value for load_frequency

* make format

* change std::shared_ptr to tdb_shared_ptr
@github-actions github-actions bot mentioned this pull request Jun 22, 2021
Merged
Shelnutt2 pushed a commit that referenced this pull request Jun 22, 2021
@github-actions @bdeng-xt
Support AWS STS client credentials refresh (#2376) (#2380)
cada868 
* refersh aws sts token

* add default duration_seconds as 3600

* change order of initializtion in S3 constructor

* unset the default value for load_frequency

* make format

* change std::shared_ptr to tdb_shared_ptr

Co-authored-by: bin.deng <76831442+bdeng-xt@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Shelnutt2 Shelnutt2 Shelnutt2 approved these changes

@KiterLuc KiterLuc KiterLuc approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@bdeng-xt @Shelnutt2 @KiterLuc