Merge 68aa6bc into 423e1f2

fence/blueprints/data/indexd.py

@@ -672,6 +672,7 @@ def assume_role(cls, bucket_cred, expires_in, aws_creds_config, boto=None):
         # try to retrieve from local in-memory cache
         rv, expires_at = cls._assume_role_cache.get(role_arn, (None, 0))
         if expires_at > expiry:
+            print("Getting cached AWS roles from memory")
             return rv
 
         # try to retrieve from database cache
@@ -689,6 +690,7 @@ def assume_role(cls, bucket_cred, expires_in, aws_creds_config, boto=None):
                         aws_session_token=cache.aws_session_token,
                     )
                     cls._assume_role_cache[role_arn] = rv, cache.expires_at
+                    print("Getting cached AWS roles from DB")
                     return rv
 
         # retrieve from AWS, with additional ASSUME_ROLE_CACHE_SECONDS buffer for cache
@@ -708,6 +710,7 @@ def assume_role(cls, bucket_cred, expires_in, aws_creds_config, boto=None):
         cred = get_value(
             assumed_role, "Credentials", InternalError("fail to assume role")
         )
+        print("Cached roles not in mem or DB, getting roles from AWS")
         rv = {
             "aws_access_key_id": get_value(
                 cred,
@@ -730,6 +733,7 @@ def assume_role(cls, bucket_cred, expires_in, aws_creds_config, boto=None):
         ).timestamp()
 
         # stores back to cache
+        print("Caching roles back to mem and DB")
         cls._assume_role_cache[role_arn] = rv, expires_at
         if hasattr(flask.current_app, "db"):  # we don't have db in startup
             with flask.current_app.db.session as session: