-
Notifications
You must be signed in to change notification settings - Fork 620
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
sts: Always slash expiry time by 80% #1533
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it would be more reasonable to only use the 80% when the DefaultExpiryWindow
is used.
I would keep it, but have it be -1
. If the window
sent is equal, use 80%.
Don't deprecate it and allow previous behavior to work as expected.
What about also having a default minimum time?
d869e88
to
31ca77e
Compare
Currently, STS expiration time is reduced by 10 seconds, but this is not always good since an S3 call can be called near expiration time but evaluated after the expiration time - the window here is 10 seconds which can be not enough to upload some large data to an S3 server before this latter rejects it with bad (expired) credentials. This commit will slash expiration time by 80% instead by default.
31ca77e
to
db3e9a8
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Doc update. Rest LGTM.
Co-authored-by: Klaus Post <klauspost@gmail.com>
cfeb39c
to
2909f1f
Compare
This fixes some issues in replication & S3 gateway: - minio/minio-go#1531 - minio/minio-go#1533
This fixes some issues in replication & S3 gateway: - minio/minio-go#1531 - minio/minio-go#1533
By default, STS expiration time is reduced by 10 seconds, but this is
not always good since an S3 call can be called near expiration time but
evaluated after the expiration time - the window here is 10 seconds
which can be not enough to upload some large data to an S3 server before
this latter rejects it with bad (expired) credentials.
This commit will always slash expiration time by 80% instead.