AWS IAM provider fails to renew token upon expiration #934
Labels
Comments
Merged
The best way is to have something like a delta which negates not adds - look at the API here https://pkg.go.dev/github.com/minio/minio-go/v6@v6.0.57/pkg/credentials?tab=doc#Expiry.SetExpiration // SetExpiration sets the expiration IsExpired will check when called.
//
// If window is greater than 0 the expiration time will be reduced by the
// window value.
//
// Using a window is helpful to trigger credentials to expire sooner than
// the expiration time given to ensure no requests are made with expired
// tokens.
func (e *Expiry) SetExpiration(expiration time.Time, window time.Duration) {
e.expiration = expiration
if window > 0 {
e.expiration = e.expiration.Add(-window)
}
} |
|
@harshavardhana I changed the time delta addition to a subtraction in PR #935. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The AWS IAM provider adds a 5 minute time delta to the actual expiration time of the token provided by AWS.
minio-py/minio/credentials/providers.py
Line 236 in 99dd78b
This causes a 5 minute period of time in which the SDK is operating with expired credentials before asking for a new token.
The text was updated successfully, but these errors were encountered: