mlibbey opened a new issue, #10773: URL: https://github.com/apache/trafficserver/issues/10773
In the s3_auth plugin for v4 signatures, there is an undocumented feature that allows for an expiration configuration. The plugin goes through considerable effort to reload a nearly expired token (https://github.com/apache/trafficserver/blob/6e00344df420db067e2b3cddbe8a7a48b7559700/plugins/s3_auth/s3_auth.cc#L1037), but is largely silent about doing so, which hampers operational ability to detect and remediate the issue. I'd suggest: - In the cases mentioned in code comments (1 hour before, 15min before, and at expiration) logging that the token is about to expire as more than debug level. - the log should have the token's name so that an operator can find the specific issue - there appears to be an error log printed ~10min after the token has expired. I think it would be appropriate to continue logging every 10 times -- eg, https://github.com/apache/trafficserver/blob/6e00344df420db067e2b3cddbe8a7a48b7559700/plugins/s3_auth/s3_auth.cc#L1084 instead of "==10", perhaps s3->incr_conf_reload_count() % 10 == 0 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
