Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

expired s3_auth token -- improve logging #10773

Open
mlibbey opened this issue Nov 14, 2023 · 1 comment · May be fixed by #11885
Open

expired s3_auth token -- improve logging #10773

mlibbey opened this issue Nov 14, 2023 · 1 comment · May be fixed by #11885
Assignees
@jasmine-nahrain
Labels
s3_auth s3_auth plugin Stale

Comments

@mlibbey
Copy link
Contributor

mlibbey commented Nov 14, 2023

In the s3_auth plugin for v4 signatures, there is an undocumented feature that allows for an expiration configuration. The plugin goes through considerable effort to reload a nearly expired token (

trafficserver/plugins/s3_auth/s3_auth.cc

Line 1037 in 6e00344

// If the token has more than one hour to expire, reload is scheduled one hour before expiration.
), but is largely silent about doing so, which hampers operational ability to detect and remediate the issue. I'd suggest:

  • In the cases mentioned in code comments (1 hour before, 15min before, and at expiration) logging that the token is about to expire as more than debug level.
  • the log should have the token's name so that an operator can find the specific issue
  • there appears to be an error log printed ~10min after the token has expired. I think it would be appropriate to continue logging every 10 times -- eg,

    trafficserver/plugins/s3_auth/s3_auth.cc

    Line 1084 in 6e00344

    if (s3->incr_conf_reload_count() == 10) {
    instead of "==10", perhaps s3->incr_conf_reload_count() % 10 == 0
@github-actions GitHub Actions
Copy link

This issue has been automatically marked as stale because it has not had recent activity. Marking it stale to flag it for further consideration by the community.

@github-actions github-actions bot added the Stale label Nov 13, 2024
@JosiahWI JosiahWI added the s3_auth s3_auth plugin label Nov 13, 2024
@jasmine-nahrain jasmine-nahrain self-assigned this Nov 18, 2024
@jasmine-nahrain jasmine-nahrain linked a pull request Nov 27, 2024 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jasmine-nahrain jasmine-nahrain

Labels
s3_auth s3_auth plugin Stale
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add better logging for origin_server_auth jasmine-nahrain/trafficserver
3 participants
@mlibbey @jasmine-nahrain @JosiahWI